Posted by jimminyx 5 days ago
OpenClaw has 52+ modules and runs agents with near-unlimited permissions in a single Node process. NanoClaw is ~500 lines of core code, agents run in actual Apple containers with filesystem isolation. Each chat gets its own sandboxed context.
This is not a swiss army knife. It’s built to match my exact needs. Fork it and make it yours.
Edit: I see you, making edits to the readme to make it sound more human-written since I commented ;) https://github.com/gavrielc/nanoclaw/commit/40d41542d2f335a0...
I don't make any attempt to hide it. Nearly every commit message says "Co-Authored-By: Claude Opus 4.5". You correctly pointed out that there were some AI smells in the writing, so I removed them, just like I correct typos, and the writing is now better.
I don't care deeply about this code. It's not a masterpiece. It's functional code that is very useful to me. I'm sharing it because I think it can be useful to other people. Not as production code but as a reference or starting point they can use to build (collaboratively with claude code) functional custom software for themselves.
I spent a weekend giving instructions to coding agents to build this. I put time and effort into the architecture, especially in relation to security. I chose to post while it's still rough because I need to close out my work on it for now - can't keep going down this rabbit hole the whole week :) I hope it will be useful to others.
BTW, I know the readme irked you but if you read it I promise it will make a lot more sense where this project is coming from ;)
I don't mind it if I have good reason to believe the author actually read the docs, but that's hard to know from someone I don't know on the internet. So I actually really appreciate if you are editing the docs to make them sound more human written.
I use this stuff heavily and I have some libraries I use that are very effective for me that I have fully vibed into existence. But I would NOT subject someone else to them, I am confident they are full of holes once you use them any differently than I do.
The truth about vibe coding is that, fundamentally, it’s not much more than a fast-forward button: ff you were going to write good code by hand, you know how to guide an LLM to write good code for you. If, given infinite time, you would never have been able to achieve what you’re trying to get the LLM to do anyway, then the result is going to be a complete dumpster load.
It’s still garbage in, garbage out, as it’s always been; there’s just a lot more of it now.
You get paid to get stuff done, period.
Firm no. There should be and there will continue to be. Maybe for you all code is business/money-making code, but that is not true for everyone.
> We use computers to solve problems.
We can use computers for lots of things like having fun, making art, and even creating problems for other people.
> You get paid to get stuff done, period.
That is a strange assumption. Plenty of people are writing code without being paid for it.
This is rhetorically a non sequitur. As in, if you get paid (X) then you get stuff done (Y). But if you're not paid (~X), then, ?
Not being paid doesn't mean one does or doesn't get stuff done, it has no bearing on it. So the parent wasn't saying anything about people who don't get paid, they can do whatever they want, but yes, at a job if you're paid, then you better get stuff done over bikeshedding.
I'm reminded of this: https://xkcd.com/1205/
Just don't bring an artisan to a slop fight.
For a long time that place has been "the commercial software marketplace". Let's all stop pretending that the code coming out of shops until now has been something you'd find at a guild craft expo. It's always been a ball of spit and duct tape, which is why AI code is often spit and duct tape.
Hell even art! Why should art even be a thing? We are machine driven by neurons, feelings do not exist.
Might be your life, it ain’t mine. I’m an artisan of code, and I’m proud to be one. I might finally use AI one of these days at work because I’ll have to, but I’ll never stop cherishing doing hand-crafted code.
That's funny you bring up those examples, because they have all moved on to the mass manufacturing era. You can still get artisan quality stuff but it typically costs a lot more and there's a lot less of it. Which is why mass-manufacturing won. Same is going to happen with software. LLMs are just the beginning.
I live in a city where there are new houses being built. They are ugly. Meanwhile, the ones that exist since a long time ago have charm and feel homely.
I don’t know, I‘m probably just a regular old man yelling at clouds, but I still think we’re going in the wrong direction. For pretty much everything. And for what? Money. Yay!
Hugh.
[0] I'm extremely aware that there are other contributing factors to housing shortages. Tax Billionaires, etc. My metaphor still works despite not being total.
The majority of code work is maintaining someone else's code. That's the reason it is "nicer".
There is also the matter of performance and reducing redundancy.
Two recent pulls I saw where it was AI generated did neither. Both attempted to recreate from scratch rather than using industry tested modules. One was using csv instead of polars for the intensive work.
So while they worked, they became an unmaintainable mess.
For a long time computers were so expensive they could only be used to do things that generate enough money to justify their purchase. But those days are long gone so computers are for much much more than just solving problems and getting stuff done. Code can be beautiful in its own right.
It sounds like you hate your job? To be sure, I've done plenty of grinding over my career as a software engineer but in fact I coded as a hobby before it turned into a career, I then continued to code on the side, now I am retired and code still.
Perhaps the artist in me that keeps at it.
But I just don't care if I have 5 layers of abstraction and SOLID principles and clean code and.... bah. I get it. I have an MSc in it and I've been doing this as a hobby and then professionally for decades now. It just doesn't matter. At the end of the day, we get paid to ship something that solves a problem.
It might be a novel problem. And it might be at the frontier of what we can do today. But it's still a problem that needs solving and the path we take is irrelevant from a user's perspective as long as it solves the problem.
Yeah, to hell with code reviews. The best years of my career were when I was given carte blanche control over an entire framework, etc. When code reviews came along coding at work sucked.
If anything, the code reviews killed the artisanship.
And it reminds me of a comment I saw in a thread 2 days ago. One about how RAPIDLY ITERATIVE the environment is now. There area lot of weekend projects being made over the knee of a robot nowadays and then instantly shared. Even OpenClaw is to a great extent, an example of that at its current age. Which comes in contrast to the length of time it used to take to get these small projects off the ground in the past. And also in contrast with how much code gets abandoned before and after "public release.
I'm looking at AI evangelists and I know they're largely correct about AI. I also look at what the heck they built, and either they're selling me something AI related, or have a bunch of defunct one-shot babies or mostly tools so limited in scope they server only themselves with it. We used to have a filter for these things. Salesmen always sold promises, so, no change there, just the buzzwords. But the cloutchasers? Those were way smaller in number. People building the "thing" so the "thing" exists mostly stopped before we ever heard of the "thing", because, turns out, caring about the "thing" does not actually translate to the motivation to getting it done. Or Maintain it.
What we have now is a reverse survivorship bias.
OOP stating they don't care about the state of their code during their public release, means I must assume they're a Cloutchaser. Either they don't care because they know they can do better which means they shared something that isn't their best, so their motivation with the comment is to highlight the idea. They just wanted to be first. Clout. Or they don't exactly concern with if they can as they just don't care about code in general and just want the product, be it good or be it not. They believe in the idea enough they want to ensure it exists, regardless of what's in the pudding. Which means to me, they also don't care to understand what's in the ingredient list. Which means they aren't best to maintain it. And that latter is the kind that, before the LLM slop was a concept in our minds, were precisely ones among the people who would give up half way through Making The "Thing".
See you in 16 weeks OP. I'll eat my shoe then.
Faster delivery of a project being better for engineering is obviously one of the most important things because it gives you back time to invest in other parts of your project. All engineering is trade-offs. Being faster at developing basic code is better, the end. If nothing else you can now spend more time on requirements and on a second iteration with your customer.
That is until you get so deep in code debt that you cannot move anymore.
There is an equilibrium to be found. Faster is not always better, and trying to have every single line perfect is not good either.
Well, we make software, at any rate.
Most of the time that's pretty divorced from capital-E engineering, which is why we get to be cavalier about the quality of the result - let me know how you feel about the bridges and tunnels you drive on being built "as fast as possible, to hell with safety"
The invention of calculators and computers also left the human artisan era of slide rules, calculation charts and accounting. If that's really what you care about, what are you even doing here?
As I said in my comment, no shade for writing the code with Claude. I do it too, every day.
I wasn’t “irked” by the readme, and I did read it. But it didn’t give me a sense that you had put in “time and effort” because it felt deeply LLM-authored, and my comment was trying to explore that and how it made me feel. I had little meaningful data on whether you put in that effort because the readme - the only thing I could really judge the project by - sounded vibe coded too. And if I can’t tell if there has been care put into something like the readme how can I tell if there’s been care put into any part of the project? If there has and if that matters - say, I put care into this and that’s why I’m doing a show HN about it - then it should be evident and not hidden behind a wall of LLM-speak! Or at least; that’s what I think. As I said in a sibling comment, maybe I’m already a dinosaur and this entire topic won’t matter in a few years anyway.
"I find your email deeply ensloping."
"This marketing campaign is going to enslope a lot of people."
"Feeling ensloped, I closed Instagram and looked out the window".
I get using AI, I do all day everyday day it feels like, but this comes off as not having respect for others time.
Just something that screams "I don't care about my product/readme page, why should you".
To be clear, no issue with using AI to write the actual program/whatever it is. It's just the readme/product page which super turns me off even trying/looking into it.
"I couldn't be bothered to write a proper README, so I had the AI do it"
Before the proof of work of code in a repo by default was a signal of a lot of thought going into something. Now this flood of code in these vibe coded projects is by default cheap and borderline meaningless. Not throwing shade or anything at coding assistants. Just the way it goes
Not one line of code I wrote 20 years ago has the same economic value as East German currency.
All code is social ephemera. Ethno objects. It lacks intrinsic value of something like indoor plumbing.
It's electrical state in a machine. Our only real goal was convince people the symbols on the screen were coupled to some real world value while it is 100% decoupled from whatever real physical quantity we are tracking.
We all been Frank from Always Sunny; we make money, line go up. We don't define truth. The churn of physics does that.
Why not, if they're making people read AI slop without checking it first? They deserve the shit-nudge to fix it.
Just consider what a bigger AI shit show vortex we are looking at, where this project only exists because of other ill considered AI slop projects. But at the same time, AI is not going anywhere and it does have the potential to massively “improve” things.
I believe it’s really just that we are going through adaptation pains, with everyone really just being sloppy for all the same kinds of reasons that people were sloppy before AI. It’s not like even the biggest corporations didn’t create sloppy messes before AI. Microsoft is a canonical example of this whole notion for basically its whole existence; poorly conceived, sloppily executed, even its core product line being so inherently insecure that it has not just spun up its own separate sectors of industries, but multiple sectors of industries around patching the security sieve called Microsoft, something akin to a monopoly on plumbing created from wire mesh.
It is making me think of how to increase the quality of my QA and final review process though. But frankly, I think we will soon fondly reminisce about a time when AI still produced slop and a human was actually useful and even needed to do QA and final review; as bleak as that sounds. I don’t see how that will not be the case within two years from now, and that’s probably being generous, as fast as things have been developing.
so long as this is commonplace I'd be extremely sceptical of anything with some LLM-style readmes and docs
the caveats to this is that LLMs can be trained to fool people with human-sounding and imperfectly written readmes, and that although humans can quickly oversee that things compile and seem to produce the expected outputs, there's deeper stuff like security issues and subtle userspace-breaking changes
track-record is going to see its importance redoubled
Might've been a typo they've since fixed.
>I am, as many senior-leaning engineers are, ambivalent about whether AI is making us more productive coders
It isn’t “have it your way”, he graciously made code available, use it or leave it.
Don't worry, bro. If enough people are like you, there will be fully automatic workflow to add typos into AI writing.
Assuming the written/generated text is well written/generated, of course.
(I'm a human btw)
A hundred times this. It's fine until it isn't. And jacking these Claws into shared conversation spaces is quite literally pushing the afterburners to max on simonw's lethal trifecta. A lot of people are going to get burned hard by this. Every blackhat is eyes-on this right now - we're literally giving a drunk robot the keys to everything.
Who are you going to arrest and/or sue when you run a chat bot "at your own risk" and it shoots you in the foot?
This is the calculus that large companies use all the time when committing acts that are 'most likely' illegal. While they may be fined million of dollars they at least believe they'll make 10s to 100s of millions on said action.
Now, for you as an individual things are far more risky.
You don't have a nest of heathen lawyers to keep you out of trouble.
You can't bully nation states, government entities, or even other large companies.
You individually may be held civilly or criminally liable if things go bad enough.
The point is to recognise that certain patterns has a cost in the form of risks, and that cost can be massively outsize of the benefits.
Just as the risk of giving a poorly vetted employee unfettered access to the company vault.
In the case of employees, businesses invest a tremendous amount of money in mitigating the insider risks. Nobody is saying you should take no risks with AI, but that you should be aware of how serious the risks are, and how to mitigate them or manage them in other ways.
Exactly as we do with employees.
As a former (bespoke) WP hosting provider, I'd counter those usually did. Not sure I ever met a prospective "online" business customer's build that didn't? They'd put their entire business into WP installs with plugins for everything.
Our step one was to turn WP into static site gen and get WP itself behind a firewall and VPN, and even then single tenant only on isolated networks per tenant.
To be fair that data wasn't ALL about everyone's PII — until by ~2008 when the Buddy Press craze was hot. And that was much more difficult to keep safe.
1. what if, ChadGPT style, ads are added to the answers (like OpenAI said it'd do, hence the new "ChadGPT" name)?
2. what if the current prices really are unsustainable and the thing goes 10x?
Are we living some golden age where we can both query LLMs on the cheap and not get ad-infected answers?
I read several comments in different threads made by people saying: "I use AI because search results are too polluted and the Web is unusable"
And I now do the same:
"Gemini, compare me the HP Z640 and HP Z840 workstations, list the features in a table" / "Find me which Xeon CPU they support, list me the date and price of these CPU when they were new and typical price used now".
How long before I get twelve ads along with paid vendors recommendations?
Where does this idea come from? We know how much it costs to run LLMs. It's not like we're waiting to find out. AI companies aren't losing money on API tokens. What could possibly happen to make prices go 10x when they're already running at a profit? Claude Max might be a different story, but AI is going to get cheaper to run. Not randomly 10x for the same models.
Sam Altman has made similar statements, and Chinese companies also often serve their models very cheaply. All of this makes me believe them when they say they are profitable on API usage. Usage on the plans is a bit more unknown.
We can see from inference costs at third party providers that the inference is profitable enough to sustain even third party providers of proprietary models that they are undoubtedly paying licensing/usage fees for, and so these models won't go away.
They spend money on growth and new models. At some point that will slow and then they’ll start to spend less on R&D and training. Competition means some may lose, but models will continue to be served.
Sam Altman got fired by his own board for dishonesty, and a lot of the original OpenAI people have left. I don't know the guy, but given his track record I'm not sure I'd just take his word for it.
As for chinese models..: https://www.wheresyoured.at/the-enshittifinancial-crisis/#th...
From the article:
> You’re probably gonna say at this point that Anthropic or OpenAI might go public, which will infuse capital into the system, and I want to give you a preview of what to look forward to, courtesy of AI labs MiniMax and Zhipu (as reported by The Information), which just filed to go public in Hong Kong.
> Anyway, I’m sure these numbers are great-oh my GOD!
> In the first half of this year, Zhipu had a net loss of $334 million on $27 million in revenue, and guess what, 85% of that revenue came from enterprise customers. Meanwhile, MiniMax made $53.4 million in revenue in the first nine months of the year, and burned $211 million to earn it.
Furthermore, companies which are publicly traded show that overall the products are not economical. Meta and MSFT are great examples of this, though they have recently seen opposite sides of investors appraising their results. Notably, OpenAI and MSFT are more closely linked than any other Mag7 companies with an AI startup.
https://www.forbes.com/sites/phoebeliu/2025/11/10/openai-spe...
> It's hard to say for sure because they don't publish the financials (or if they do, it tends to be obfuscated)
Yeah, exactly. So how the hell the bloggers you read know AI players are losing money? Are they whistleblowers? Or they're pulling numbers out of their asses? Your choice.
Heck we were spoiled by “memory is cheap” but here we are today wasting it at every expense as prices keep skyrocketing (ps they ain’t coming back down). If you can’t see the shift to forceful subscriptions via technologies guised as “security” ie. secure boot and the monopolistic distribution (Apple, Google, Amazon) or the OEM, you’re running with blinders. Computings future as it’s heading will be closed ecosystems that are subscription serviced, mobile only. They’ll nickel and dime users for every nuanced freedom of expression they can.
Is it crazy to correlate the price of memory to our ability to localize LLM?
None of these went 10x. Actually the internet went 0.0001~0.001x for me in terms of bits/money. I lived through dial-up era.
What if a thermonuclear war breaks out? What's your backup plan for this scenario?
I genuinely can't tell which is more likely to happen in the next decade. If I have to guess I'll say war.
- Created its own github account, then proceeded to get itself banned (I have no idea what it did, all it said was it created some new repos and opened issues, clearly it must've done a bit more than that to get banned)
- Signed up for a Gmail account using a pay as you go sim in an old android handset connected with ADB for sms reading, and again proceeded to get itself banned by hammering the crap out of the docs api
- Used approx $2k worth of Kimi tokens (Thankfully temporarily free on opencode) in the space of approx 48hrs.
Unless you can budget $1k a week, this thing is next to useless. Once these free offers end on models a lot of people will stop using it, it's obscene how many tokens it burns through, like monumentally stupid. A simple single request is over 250k chars every single time. That's not sustainable.
Wouldn't a crypto wallet with a small amount deposited be smarter?
> Used approx $2k worth of Kimi tokens
Holy shit dude you really should rethink your life decisions this is NUTS
they paid $0, it's all VC money printing for now
> Skills over features. Contributors shouldn't add features (e.g. support for Telegram) to the codebase. Instead, they contribute claude code skills like /add-telegram that transform your fork.
I’m interested to see how this model pans out. I can see benefits (don’t carry complexity you don’t need) and costs (how do I audit the generated code?).
But it seems pretty clear that things will move in this direction in ‘26 with all the vibe coding that folks are enjoying.
I do wonder if the end state is more like a very rich library of composable high-order abstractions, with Skills for how to use them - rather than raw skills with instructions for how to lossily reconstruct those things.
Apple containers have been great especially that each of them maps 1:1 to a dedicated lightweight VM. Except for a bug or two that appeared in the early releases, things seem to be working out well. I believe not a lot of projects are leveraging it.
A general code execution sandbox for AI code or otherwise that used Apple containers is https://github.com/instavm/coderunner It can be hooked to Claude code and others.
Is this materially different than giving all files on your system 777 permissions?
It's more (exactly?) like pulling a .sh file hosted on someone else's website and running it as root, except the contents of the file are generated by a LLM, no one reads them, and the owner of the website can change them without your knowledge.
Yes, because I can't read or modify your files over the internet just because you chmod'ed them to 777. But with Clawdbot, I can!
Lesson - never trust a sophomore who can’t even trust themselves (to get overly excited and throw caution to the wind).
Clawdbot is a 100 sophomores knocking on your door asking for the keys.
I think most people fail to estimate the real threat that malicious prompts can cause because it is not that common, its like when credit cards were launched, cc fraud and the various ways it could be perpetrated followed not soon after. The real threats aren’t visible yet but rest assured there are actors working to take advantage and many unfortunate examples will be seen before general awareness and precaution will prevail….
Thankfully the official Agent SDK Quickstart guide says that you can: https://platform.claude.com/docs/en/agent-sdk/quickstart
In particular, this bit:
"After installing Claude Code onto your machine, run claude in your terminal and follow the prompts to authenticate. The SDK will use this authentication automatically."
> Unless previously approved, Anthropic does not allow third party developers to offer claude.ai login or rate limits for their products, including agents built on the Claude Agent SDK. Please use the API key authentication methods described in this document instead.
Which I have interpreted means that you can’t use your Claude code subscription with the agent SDK, only API tokens.
I really wish Anthropic would make it clear (and allow us to use our subscriptions with other tools).
> Third-party harnesses using Claude subscriptions create problems for users and are prohibited by our Terms of Service.
thariq did a good intro here https://www.youtube.com/watch?v=TqC1qOfiVcQ
This project uses the Agents SDK so it should be kosher in regards to terms of service. I couldn't figure out how to get the SDK running inside the containers to properly use the authenticated session from the host machine so I went with a hacky way of injecting the oauth token into the container environment. It still should be above board for TOS but it's the one security flaw that I know about (malicious person in a WhatsApp group with you can prompt inject the agent to share the oauth key).
If anyone can help out with getting the authenticated session to work properly with the agents running in containers it would be much appreciated.
Did you get it working in the end? I assume you didn't share your setup/config anywhere?
More or less what it says in the README:
fence -t code -- claude --dangerously-skip-permissions
# cat prompt.md | ralph
function ralph() {
fence -t code -- \
claude --verbose --dangerously-skip-permissions --output-format stream-json -p "$@" \
| jq -r 'select(.type == "assistant") | .message.content[]? | select(.type? == "text") | .text'
}$70 or whatever to check if there's milk... just use your Claude Max subscription.
How wouldn't they know? Claude Code is proprietary they can put whatever telemetry they want in there.
> how are we violating... anything? I'm working within my usage limits...
It's well known that Claude code is heavily discounted compared to market API rates. The best interpretation of this is that it's a kind of marketing for their API. If you are not using Claude code for what it's intended for, then it's violating at least the spirit of that deal.
And apparently it's violating the terms of service. Is it fair and above board for them to ban people? idk, it feels pretty blatantly like control for the sake of control, or control for the sake of lock-in, or those analytics/telemetry contain something awfully juicy, because they're already getting the entire prompt. It's their service to run as they wish, but it's not a pro-customer move and I think it's priming people to jump ship if another model takes the lead.
Last time I checked, having a continuously running background process considered as a daemon. Using SQLite as back-end for storing the jobs also doesn't make it queueless.
/nit
Minor nitpick, it looks like about 2500 lines of typescript (I am on a mobile device, so my LOC estimate may be off). Also, Apple container looks really interesting.