The rapid viral adoption of Austrian developer Peter Steinberger's open source AI assistant OpenClaw in recent weeks has sent enterprises and indie developers into a tizzy.
It's easy to see why: OpenClaw is freely available now and offers a powerful means of autonomously completing work and performing tasks across a user's entire computer, phone, or even business with natural language prompts that spin up swarms of agents. Since its release in November 2025, it's captured the market with over 50 modules and broad integrations — but its "permissionless" architecture raised alarms among developers and security teams.
Enter NanoClaw, a lighter, more secure version which debuted under an open source MIT License on January 31, 2026, and achieved explosive growth—surpassing 7,000 stars on GitHub in just over a week.
Created by Gavriel Cohen—an experienced software engineer who spent seven years at website builder Wix.com—the project was built to address the "security nightmare" inherent in complex, non-sandboxed agent frameworks. Cohen and his brother Lazer are also co-founders of Qwibit, a new AI-first go-to-market agency, and vice president and CEO, respectively, of Concrete Media, a respected public relations firm that often works with tech businesses covered by VentureBeat.
NanoClaw's immediate answer to this architectural anxiety is a hard pivot toward operating system-level isolation. The project places every agent inside isolated Linux containers—using Apple Containers for high-performance execution on macOS or Docker for Linux environments.
This creates a strictly "sandboxed" environment where the AI only interacts with directories explicitly mounted by the user.
While other frameworks build internal "safeguards" or application-level allowlists to block certain commands, Gavriel maintains that such defenses are inherently fragile.
"I'm not running that on my machine and letting an agent run wild," Cohen explained during a recent technical interview. "There's always going to be a way out if you're running directly on the host machine. In NanoClaw, the 'blast radius' of a potential prompt injection is strictly confined to the container and its specific communication channel."
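The sketch below is an added example, not NanoClaw's own code, of the "explicitly mounted directories" model: a launcher that builds `docker run` arguments from a user-approved mount list and refuses any host path that resolves outside the approved root. The `Mount` shape, function names, image name and the process limit are assumptions for illustration; the Docker flags are standard.

```typescript
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Hypothetical mount description; NanoClaw's real configuration may differ.
interface Mount { hostPath: string; containerPath: string; readOnly: boolean }

// Resolve symlinks first so a link inside the approved root cannot expose a directory outside it.
function resolveInside(approvedRoot: string, hostPath: string): string {
  const root = fs.realpathSync(approvedRoot);
  const real = fs.realpathSync(hostPath);
  const rel = path.relative(root, real);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`mount escapes approved root: ${hostPath}`);
  }
  return real;
}

// Build `docker run` arguments: default deny, only the listed mounts are visible to the agent.
function buildDockerArgs(image: string, approvedRoot: string, mounts: Mount[]): string[] {
  const args = ["run", "--rm", "--read-only", "--cap-drop=ALL",
    "--security-opt=no-new-privileges", "--pids-limit=256"];
  for (const m of mounts) {
    const src = resolveInside(approvedRoot, m.hostPath);
    // --mount is a comma-separated key=value list, so a comma in a path
    // could add options; refuse it.
    if (src.includes(",") || m.containerPath.includes(",")) throw new Error("comma in mount path");
    if (!path.posix.isAbsolute(m.containerPath)) throw new Error("container path must be absolute");
    const ro = m.readOnly ? ",readonly" : "";
    args.push("--mount", `type=bind,source=${src},target=${m.containerPath}${ro}`);
  }
  return [...args, image];
}

// Constructed sample layout: one group directory, plus a symlink inside the root that points outside it.
function makeSample() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "agent-mounts-"));
  const root = path.join(base, "groups");
  const groupDir = path.join(root, "family-chat");
  fs.mkdirSync(groupDir, { recursive: true });
  fs.mkdirSync(path.join(base, "secrets"));
  const escapeLink = path.join(root, "innocent");
  fs.symlinkSync(path.join(base, "secrets"), escapeLink);
  return { root, groupDir, escapeLink };
}

const sample = makeSample();
console.log(buildDockerArgs("agent-image:placeholder", sample.root,
  [{ hostPath: sample.groupDir, containerPath: "/workspace", readOnly: false }]).join(" "));
```

Passing `sample.escapeLink` as a host path throws, because the check runs on the resolved path rather than the string the caller supplied.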
A safer foundation for agentic autonomy
The technical critique at the heart of NanoClaw's development is one of bloat and auditability. When Cohen first evaluated OpenClaw (formerly Clawbot), he discovered a codebase approaching 400,000 lines with hundreds of dependencies.
In the fast-moving AI landscape, such complexity is an engineering hurdle and a potential liability.
"As a developer, every open source dependency that we added to our codebase, you vet. You look at how many stars it has, who are the maintainers, and if it has a proper process in place," Cohen notes. "When you have a codebase with half a million lines of code, nobody's reviewing that. It breaks the concept of what people rely on with open source."
NanoClaw counters this by reducing the core logic to roughly 500 lines of TypeScript. This minimalism ensures that the entire system—from the state management to the agent invocation—can be audited by a human or a secondary AI in roughly eight minutes.
The architecture employs a single-process Node.js orchestrator that manages a per-group message queue with concurrency control.
Instead of heavy distributed message brokers, it relies on SQLite for lightweight persistence and filesystem-based IPC. This design choice is intentional: by using simple primitives, the system remains transparent and reproducible.
Furthermore, the isolation extends beyond just the filesystem. NanoClaw natively supports Agent Swarms via the Anthropic Agent SDK, allowing specialized agents to collaborate in parallel. In this model, each sub-agent in a swarm can be isolated with its own specific memory context, preventing sensitive data from leaking between different discussion groups or business functions.
The product vision: Skills over features
One of the most radical departures in NanoClaw is its rejection of the traditional "feature-rich" software model. Cohen describes NanoClaw as "AI-native" software—a system designed to be managed and extended primarily through AI interaction rather than manual configuration.
The project explicitly discourages contributors from submitting PRs that add broad features like Slack or Discord support to the main branch. Instead, they're encouraged to contribute "Skills"—modular instructions housed in .claude/skills/ that teach a developer's local AI assistant how to transform the code.
"If you want Telegram, rip out the WhatsApp and put in Telegram," Cohen says. "Every person should have exactly the code they need to run their agent. It's not a Swiss Army knife; it's a secure harness that you customize by talking to Claude Code."
This "Skills over Features" model means that a user can run a command like /add-telegram or /add-gmail, and the AI will rewrite the local installation to integrate the new capability while keeping the codebase lean. This approach ensures that if a user only needs a WhatsApp-based assistant, they are not forced to inherit the security vulnerabilities of fifty other unused modules.
Real-world utility in an AI-native agency
This isn't merely a theoretical experiment for the Cohen brothers. Their new AI go-to-market agency Qwibit uses NanoClaw—specifically a personal instance named "Andy"—to run its internal operations.
"Andy manages our sales pipeline for us. I don't interact with the sales pipeline directly," Cohen explained.
The agent provides Sunday-through-Friday briefings at 9:00 AM, detailing lead statuses and assigning tasks to the team.
The utility lies in the frictionless capture of data. Throughout the day, Lazer and Gavriel forward messy WhatsApp notes or email threads into their admin group.
Andy parses these inputs, updates the relevant information in an Obsidian vault or SQLite database, and sets automated follow-up reminders.
Because the agent has access to the codebase, it can also be tasked with recurring technical jobs, such as reviewing git history for "documentation drift" or refactoring its own functions to improve ergonomics for future agents.
Strategic analysis for the enterprise
As the pace of change accelerates in early 2026, technical decision-makers are faced with a fundamental choice between convenience and control. For AI engineers focused on rapid deployment, NanoClaw offers a blueprint for what Cohen calls the "best harness" for the "best model".
By building on top of the Claude Agent SDK, NanoClaw provides a pathway to leverage state-of-the-art models (like Opus 4.6) within a framework that a lean engineering team can actually maintain and optimize.
From the perspective of orchestration engineers, NanoClaw's simplicity is its greatest asset for building scalable, reliable pipelines.
Traditional, bloated frameworks often introduce budget-draining overhead through complex microservices and message queues.
NanoClaw's container-first approach allows for the implementation of advanced AI technologies—including autonomous swarms—without the resource constraints and "technical debt" associated with 400,000-line legacy systems.
Perhaps most critically, for security leaders, NanoClaw addresses the "multiple tasks" of incident response and organizational security.
In an environment where prompt injection and data exfiltration are evolving daily, a 500-line auditable core is far safer than a generic system trying to support every use case.
"I recommend you send the repository link to your security team and ask them to audit it," Cohen advises. "They can review it in a day—not just read the code, but whiteboard the entire system, map out the attack vectors, and verify it's safe."
Ultimately, NanoClaw represents a shift in the AI developer mindset. It's an argument that as AI becomes more powerful, the software that hosts it should become simpler. In the race to automate the enterprise, the winners will not be those who adopt the most features, but those who build upon the most transparent and secure foundations.

