Show HN: NanoClaw – “Clawdbot” in 500 lines of TS with Apple container isolation

Posted by jimminyx 5 days ago

Show HN: NanoClaw – “Clawdbot” in 500 lines of TS with Apple container isolation(github.com)

I’ve been running Clawdbot for the last couple weeks and have genuinely found it useful but running it scares the crap out of me.

OpenClaw has 52+ modules and runs agents with near-unlimited permissions in a single Node process. NanoClaw is ~500 lines of core code, agents run in actual Apple containers with filesystem isolation. Each chat gets its own sandboxed context.

This is not a swiss army knife. It’s built to match my exact needs. Fork it and make it yours.

527 points | 224 commentspage 3

river_otter 4 days ago|

Great idea and name the danger here which I'll be interested to track is how do you keep this "nano"? Since it's built for you, you'll continue adding features i assume which over time will make this not very nano. I guess I'm wondering if there could be some small design tweaks of the repo that make this usable as a long term "fork the base and make it your own" concept

jimminyx 4 days ago||

I will keep the source code as a minimal implementation that has the core capabilities that made Clawdbot/OpenClaw useful: chat with it via messaging app (only one channel included out of the box), memory (minimal implementation that leverages CLAUDE.md and the filesystem), cron jobs, browser.

If I want to add additional capabilities for myself, I'll contribute them to the project as skills for claude code to modify the code base, rather than directly to the source. I actually want to reduce the size of the base implementation and have a PR open to strip out 300-400 LOC

stronglikedan 4 days ago||

A personal implementation will always be "nano" compared to the full OpenClaw suite. As with literally everything, it's all relative.

deadbabe 4 days ago||

To those who complain about these bots and the security concerns they raise, you basically have two options:

1. You can live in the future, and be at the bleeding edge of the latest AI tech, reaping the benefits. Be part of the solution.

2. You can stay in the past and get left behind, at the mercy of those who took the risks.

mathfailure 4 days ago|

The 2. Thank you.

chaostheory 5 days ago||

For anyone else worried about running openclaw, in my case I just bought openclaw its Mac mini and I gave openclaw its own accounts including GitHub. It makes many of the security concerns moot. Of course, I could go further and give openclaw its own internet access as well.

aitchnyu 5 days ago||

That Baileys api for Whatsapp may (AFAICT) put you in thin ice with Meta. Is there a cheap legit alternative?

https://baileys.wiki/docs/intro/

dandaka 5 days ago|

I was using WAHA. It is an abstraction layer with a proper API on top. It supports many engines like Baileys and Whatsmeow (golang).

Unfortunately, all those solutions are shaky and could lead to a ban on your account.

https://waha.devlike.pro/

cyanydeez 5 days ago||

The singularity, but instead successive exponential improvement, its excessive exponential slop which passes the Turing test for programmers.

ramoz 4 days ago||

Not seeing how the sandbox prevents anything really. The point of OpenClaw is to connect out to different systems.

FreePalestine1 4 days ago|

Sure but at least it protects against unauthorized free-for-all access on your host system. If you want to explicitly give it access to external APIs over the internet that's a risk you personally are taking. It's really smart to run something like this in a sandbox, especially in the current beta/experimentation phase.

retired 4 days ago||

I looked at Clawdbot. Perhaps my life is so boring that managing it takes little time but I see zero reasons to run it.

written-beyond 4 days ago|

I read your comment, then your username. I CAN'T BELIEVE THIS USERNAME WAS CLAIMED 14 DAYS AGO! Good catch!

retired 4 days ago||

Took me around ten minutes of finding a simple username that wasn't taken.

ed_mercer 5 days ago||

If you run openclaw on a spare laptop or VM and give it read only access to whatever it needs, doesn’t that eliminate most of the risk?

AlexCoventry 5 days ago|

If you're letting it communicate with the outside world, you risk the leak and abuse of anything sensitive in the data it has access to.

ttul 5 days ago||

s/risk/guarantee (given sufficient time)/

Johnny_Bonk 5 days ago|

Can you use MCP tools? I saw that with open claw they moved away from that which I personally didn't like but

johntash 5 days ago||

I somewhat like the idea of not using MCP as much as it is being hyped.

It's certainly helpful for some things, but at the same time - I would rather improved CLI tools get created that can be used by humans and llm tools alike.

CuriouslyC 5 days ago||

It uses a wrapper in places to consume MCPs as clis.

More comments...