NanoClaw

Security-focused personal AI assistant with OS-level container isolation - just 500 lines of auditable code

See https://github.com/gavrielcohn/nanoclaw

Features

  • Container-Isolated: Each assistant runs in an isolated Linux container (Apple Container on macOS, Docker on Linux)
  • Minimal Codebase: ~500 lines of TypeScript - fully auditable in ~8 minutes
  • Per-Assistant Isolation: Each assistant has dedicated filesystem and memory
  • Multi-Assistant Memory Isolation: Teams of specialized assistants can’t leak data to each other
  • Assistant Swarms: Support for multiple collaborating assistants via Anthropic Agent SDK
  • WhatsApp Integration: Direct messaging interface
  • Scheduled Automation: Recurring tasks and reminders
  • Simple Persistence: SQLite for transparent state storage
  • Code-Based Customization: Modify code directly instead of configuration sprawl
  • Skills-Based Extension: AI-native extensions via Claude Code

Superpowers

Fortress Security: OS-level container isolation is the strongest security boundary. If something goes wrong with your assistant, the damage is contained to that assistant’s isolated box - it can’t escape to the host system or to other assistants’ data.

Fully Auditable: 500 lines of code vs 430,000+ in alternatives. You can understand the entire assistant in 8 minutes.

Radical Simplicity: No hidden complexity, no mystery dependencies, no technical debt.

Sleep Peacefully: Creator Gavriel Cohen built this because “I cannot sleep peacefully when running software I don’t understand and that has access to my life.”

Safe Swarms: Multiple assistants (e.g., one for finance, one for personal, one for work) can run simultaneously without sharing memory.

Perfect Control: Code modifications replace configuration complexity.

Architecture

Minimal Design:

  • Single Orchestrator for state and messaging
  • WhatsApp integration via Baileys
  • SQLite for conversation storage
  • Container runner for isolated execution
  • Scheduler for recurring tasks

Security Model:

  • Each assistant → isolated Linux container
  • Only accesses directories you explicitly mount
  • Commands execute in container, not on host
  • Per-assistant isolation (swarms can’t cross-contaminate)
  • Filesystem boundaries enforced by OS kernel

Skills-Based Extensions:
Instead of traditional code contributions, write a Skill - an instruction file that teaches Claude Code how to enhance your assistant.

Example: /add-telegram command → Claude Code reads skill → customizes your installation with Telegram support.

Security Architecture

Container Isolation (Strongest Available):

  • Assistant runs in isolated Linux container
  • Completely separate filesystem
  • Completely separate memory
  • Only mounted directories are accessible
  • Shell commands execute in container, not on host
  • Compromise can’t spread to host or other assistants

Per-Assistant Isolation:

  • Multiple assistants → multiple containers
  • Prevents memory sharing
  • Blocks data leakage between assistants
  • Enforced by OS kernel
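
The mount and per-assistant rules listed under Security Model and Security Architecture, sketched as an added example (not NanoClaw's own code): it builds `docker run` arguments for one assistant and refuses bind mounts that overlap sensitive host paths or another assistant's directory. The type names, deny list, image name and choice of hardening flags are assumptions.

```typescript
// Added example, not NanoClaw's code. Every name and flag choice here is hypothetical.
interface Mount { host: string; container: string; readOnly: boolean }
interface AssistantSpec { name: string; image: string; mounts: Mount[] }

// Host paths no assistant may reach (constructed deny list).
const DENIED = ["/etc", "/root", "/var/run/docker.sock"];

// Lexically resolve "." and ".." in an absolute POSIX path. Symlinks are not
// followed; a production check should also realpath() the host side.
function normalizePath(p: string): string {
  if (!p.startsWith("/")) throw new Error(`mount path must be absolute: ${p}`);
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return "/" + out.join("/");
}

// True when one path equals or contains the other.
function overlaps(a: string, b: string): boolean {
  const under = (x: string, y: string) => x === y || x.startsWith(y === "/" ? "/" : y + "/");
  return under(a, b) || under(b, a);
}

// Build `docker run` argv for one assistant, refusing mounts that would cross
// the boundary to the host's sensitive paths or to another assistant's data.
function dockerArgs(spec: AssistantSpec, others: AssistantSpec[]): string[] {
  if (!/^[a-z0-9][a-z0-9_-]*$/.test(spec.name)) throw new Error("bad assistant name");
  const foreign: string[] = [];
  for (const o of others) for (const m of o.mounts) foreign.push(normalizePath(m.host));
  const args = ["run", "--rm", "--name", `assistant-${spec.name}`, "--read-only",
    "--tmpfs", "/tmp", "--cap-drop=ALL", "--security-opt", "no-new-privileges"];
  for (const m of spec.mounts) {
    const host = normalizePath(m.host), target = normalizePath(m.container);
    // A comma or whitespace would change how --mount parses the value.
    if (/[,\s]/.test(host + target)) throw new Error(`unsafe character in mount ${m.host}`);
    const hit = DENIED.concat(foreign).find(p => overlaps(host, p));
    if (hit !== undefined) throw new Error(`${host} overlaps protected path ${hit}`);
    args.push("--mount", `type=bind,source=${host},target=${target}${m.readOnly ? ",readonly" : ""}`);
  }
  return args.concat(spec.image);
}

// Constructed sample specs: WORK tries to reach FINANCE's data through "..".
const FINANCE: AssistantSpec = { name: "finance", image: "assistant:latest",
  mounts: [{ host: "/home/u/finance", container: "/work", readOnly: false }] };
const WORK: AssistantSpec = { name: "work", image: "assistant:latest",
  mounts: [{ host: "/home/u/work/../finance/reports", container: "/work", readOnly: true }] };
```

The check is lexical, so it catches `..` tricks and parent-directory mounts such as `/`, but a symlink inside an allowed directory still needs a `realpath` pass on the host before the container starts.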

Radical Transparency:

  • 500 lines (fully readable)
  • No external dependencies to vet
  • No hidden behaviors
  • Verification possible in hours

Limitations

⚠️ WhatsApp Primary: Main interface; other platforms via Skills
⚠️ Simpler Capabilities: Less browser automation than OpenClaw
⚠️ Newer Ecosystem: Smaller community than OpenClaw
⚠️ Claude Code Dependency: Extensions require Claude Code access
⚠️ Early Stage: Still being hardened for production use
⚠️ Linux/macOS Only: Requires container runtime

Deployment

Requirements:

  • macOS or Linux
  • Node.js v20+
  • Claude Code access
  • Container runtime (Docker on Linux, Apple Container on macOS)

Setup Time: ~10-15 minutes (Claude Code handles automation)

Hardware: Raspberry Pi 4+ or mid-range laptop (~$200-300)

Memory: 100-500MB RAM

Model Support

Models supported by Anthropic Agent SDK:

  • Claude Sonnet/Opus
  • Can invoke other models through Claude’s tools
  • Full flexibility via Claude Code

Use Cases

  • Personal Secure Assistant: Private, fully-understood digital assistant
  • Privacy-Critical Work: Sensitive data stays under your control
  • Home Automation: Container-isolated task execution
  • Multi-Role Assistants: Finance assistant, personal assistant, work assistant - all isolated
  • Self-Healing: Assistant can refactor its own code to improve future performance
  • Real Example: “Andy” sends daily briefings on team leads, parses messy WhatsApp notes, updates Obsidian vault, manages reminders, reviews git history

Pricing

Software: Free and open-source

Costs:

  • Hardware: ~$200-300 (Raspberry Pi 4, NUC, or laptop)
  • AI API: Pay-as-you-go (Claude, OpenAI, etc.)

Comparisons

  • vs OpenClaw: 500 lines vs 430K+; security-first vs feature-first
  • vs PicoClaw: Full assistant vs minimal embedded tool
  • vs Kimi Claw: Self-hosted + full control vs managed convenience

Strengths

✅ OS-level security (container isolation)
✅ Fully auditable code (500 lines, 8 minutes)
✅ No hidden dependencies or functionality
✅ Multi-assistant swarms with isolation
✅ Direct code customization
✅ Peace of mind for security-conscious users
✅ Complete transparency

Limitations

⚠️ Smaller community/ecosystem than OpenClaw
⚠️ WhatsApp as primary interface
⚠️ Less sophisticated automation
⚠️ Requires Claude Code for extensions
⚠️ Alpha/beta maturity (not production-hardened yet)
⚠️ Requires container runtime (Docker/Apple Container)

Getting Started

  1. Setup: macOS/Linux, Node.js 20+, Claude Code
  2. Clone: Repository from GitHub
  3. Initialize: Claude Code handles dependencies and container setup
  4. Connect: Link WhatsApp account
  5. Use: Start chatting with your secure assistant

Real-World Example

“Andy” Multi-Purpose Assistant:

  • Sends daily briefings (Sunday-Friday, 9 AM)
  • Lists team lead statuses
  • Assigns tasks to team members
  • Team forwards messy WhatsApp notes/emails to admin group
  • Andy parses inputs → updates Obsidian vault or SQLite
  • Sets automated follow-up reminders
  • Weekly: Reviews git history for documentation drift
  • Continuously: Refactors own functions to improve ergonomics

All isolated in containers - operations can’t interfere with each other.

Technical Requirements

macOS:

  • Apple Container runtime
  • Node.js 20+
  • Claude Code

Linux:

  • Docker
  • Node.js 20+
  • Claude Code

All:

  • 100-500MB RAM
  • Modest CPU (multi-core nice, single-core OK)