A new open-source AI agent framework called NanoClaw hit 7,000 GitHub stars within its first week of existence. It now sits at over 16,800. The pitch? OpenClaw functionality with actual OS-level container isolation, packed into roughly 3,900 lines of code.
That's not a typo. OpenClaw's codebase spans about 434,000 lines across 3,680 files.
What NanoClaw Actually Does
NanoClaw was built by Gavriel Cohen, a former Wix.com engineer who wanted AI agents on messaging platforms (WhatsApp, Telegram, Discord, Slack, Signal) without the security trade-offs that come with a large, hard-to-audit codebase.
The core idea: every agent session runs inside its own Linux container. Docker on Linux, Apple Container on macOS. Agents can only access directories you explicitly mount. Nothing else on your host machine is reachable.
As Cohen told VentureBeat: "I cannot sleep peacefully when running software I don't understand and that has access to my life."
He has a point. In standard OpenClaw, a family WhatsApp agent and a work code repository agent share the same process and memory space. They're separated by application-level blocks, not OS-level sandboxing. NanoClaw removes that trade-off entirely by giving each agent its own isolated container.
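The per-agent isolation described above, as an added Python example that is not NanoClaw's code: it builds the `docker run` arguments for one agent session and refuses any bind mount that resolves outside that agent's own host directory. The function name, the image name, the `/srv/agents/...` paths and the choice of hardening flags are assumptions made for the example.

```python
import re
from pathlib import Path

AGENT_ID = re.compile(r"[a-z0-9][a-z0-9-]{0,30}")

def build_run_args(agent_id, image, mounts, allowed_root):
    """Build the `docker run` argv for one agent session.

    mounts: (host_dir, container_dir, read_only) tuples.
    allowed_root: the only host directory this agent may mount from.
    """
    if not AGENT_ID.fullmatch(agent_id):
        raise ValueError(f"bad agent id: {agent_id!r}")
    root = Path(allowed_root).resolve()
    args = ["docker", "run", "--rm", "--name", f"agent-{agent_id}",
            "--read-only",                         # immutable root filesystem
            "--cap-drop", "ALL",                   # drop all Linux capabilities
            "--security-opt", "no-new-privileges", # block setuid escalation
            "--pids-limit", "256"]                 # bound process count
    for host_dir, container_dir, read_only in mounts:
        # Resolve symlinks and ".." first, so <root>/../other cannot
        # reach a sibling agent's directory.
        real = Path(host_dir).resolve()
        if not real.is_relative_to(root):
            raise ValueError(f"{host_dir} is outside {root}")
        # --mount takes comma-separated fields; reject paths that would
        # inject extra fields.
        if "," in f"{real}{container_dir}" or not container_dir.startswith("/"):
            raise ValueError(f"unsafe mount path: {host_dir} -> {container_dir}")
        spec = f"type=bind,source={real},target={container_dir}"
        args += ["--mount", spec + (",readonly" if read_only else "")]
    return args + [image]

# Constructed sample layout: one host directory per agent, nothing shared.
IMAGE = "agent-image:placeholder"
FAMILY = build_run_args("family", IMAGE,
                        [("/srv/agents/family/chat", "/data", False)],
                        "/srv/agents/family")
WORK = build_run_args("work", IMAGE,
                      [("/srv/agents/work/repo", "/repo", True)],
                      "/srv/agents/work")
```

The network is left at Docker's default here because an agent still has to reach its messaging platform and model API; restricting egress is a separate control.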
The project hit the Hacker News front page within 48 hours. The New Stack covered it as a countertrend to AI framework bloat, and Cohen and his brother already run their AI agency Qwibit on a NanoClaw instance they named "Andy."
NanoClaw vs OpenClaw: Quick Comparison
| | NanoClaw | OpenClaw |
|---|---|---|
| Codebase | ~3,900 lines, 15 files | ~434,000 lines, 3,680 files |
| Isolation | OS-level containers per agent | Shared process, app-level blocks |
| Dependencies | Fewer than 10 | 70+ |
| Platforms | WhatsApp, Telegram, Discord, Slack, Signal | Same plus more integrations |
| Audit time | ~8 minutes (creator's claim) | Days to weeks |
| Extension model | "Skills" (keeps core small) | Plugin system, growing codebase |
| Maturity | New, rapidly growing | Established, 150,000+ instances |
What This Means for ClawHosters Users
We're not going to pretend NanoClaw doesn't exist. It validates something we already know: developers running AI agents on messaging platforms care about security. A lot.
NanoClaw and ClawHosters approach the same problem differently. NanoClaw strips everything down to a minimal, auditable core and trusts you to manage the infrastructure yourself. ClawHosters gives you the full OpenClaw feature set with managed container isolation, automatic updates, and no exposed gateway. If you're curious about our approach, check our security hardening guide or our managed vs self-hosted comparison.
Both are valid paths. The fact that 16,800 developers starred a project built around "I don't trust my AI agent with my whole machine" probably tells you where the market is heading.