What is NanoClaw?
Definition: NanoClaw is an open-source, local-first messaging AI agent positioned as a lightweight alternative to OpenClaw. Its thesis is security by isolation: agents run in containers with only explicitly mounted directories, while outbound API auth is proxied through OneCLI’s Agent Vault.
Core idea: isolation beats allowlists alone
OpenClaw-style products often rely on app-level allowlists and operator hygiene. NanoClaw starts from a different diagram: the agent is an untrusted process in a box. Bash is “safe” not because the LLM is careful, but because commands run inside the container—not on your host kernel’s full filesystem.
What you get
- Small TypeScript/Node host; channels often added as on-demand skills
- Per-agent Docker sandboxes; optional Docker Sandboxes (microVM) or Apple Container
- WhatsApp, Telegram, Slack, Discord, Gmail, and more (verify current matrix)
- Memory + scheduled jobs in a smaller footprint
- Strong Claude / Anthropic Agents SDK orientation in public docs
Who it is for
- Operators who will not sleep unless agents are sandboxed
- Teams that can operate Docker (and optionally microVMs) well
- Security reviews that demand vault + container diagrams
Pause if: you need ClawHub density this week, or Docker is opaque to your team—isolation theater without ops skill is worse than a hardened OpenClaw Gateway.
Architecture mental model
- Host orchestrator — routes messages, small codebase.
- Agent containers — wake on messages; mounted workspaces only.
- OneCLI vault/proxy — injects credentials; optional egress lockdown.
- Channels — messaging adapters paired during setup.
This column
Last updated: 2026-07-14 · Independent analysis on OpenClaw Roadmap. Verify features on each project’s official site/repo—this space moves fast.