Nanoclaw
Secure, lightweight open-source AI agent for WhatsApp, Telegram & Slack – runs in Docker containers.
NanoClaw is the go-to choice for developers who want a fully auditable AI agent with real container isolation. Its skill-based architecture and credential vault are genuine differentiators, but the Docker requirement and CLI-only setup limit its appeal to non-technical users. Pick it if you value understanding and controlling every part of your assistant.
- Developers wanting a customizable, lightweight AI agent they can fully audit
- Teams needing container-isolated agents for security and privacy
- Users who prefer text-based configuration and CLI over GUI dashboards
- Anthropic SDK users looking to extend agent capabilities with custom channels and providers
- Non-technical users looking for a plug-and-play assistant with a GUI
- Users requiring a graphical admin dashboard or multi-tenant management
- Organizations that cannot run Docker containers (e.g., restricted environments)
We scan live Reddit threads, YouTube comments, X posts, G2 reviews and other communities — and hand you an honest verdict in under a minute.
- Honest verdict, not marketing
- Real pros & cons from real users
- Attributed quotes with receipts
3 free scans · no card needed
In short
Nanoclaw — Secure, lightweight open-source AI agent for WhatsApp, Telegram & Slack – runs in Docker containers. Best for Developers wanting a customizable, lightweight AI agent they can fully audit, Teams needing container-isolated agents for security and privacy, Users who prefer text-based configuration and CLI over GUI dashboards. Free to use.
What's new in Nanoclaw
Checked 14 days agoAcross the latest 6 updates: 6 feature updates.
How to Deploy NanoClaw on exe.dev
Step-by-step guide to deploying NanoClaw on exe.dev.
NanoClaw V2: Human-in-the-loop approvals and Agent to Agent collaboration
NanoClaw V2 adds human-in-the-loop approvals and agent-to-agent communication.
NanoClaw Adopts OneCLI Agent Vault
NanoClaw agents use OneCLI's Agent Vault for credential injection and policies.
Run NanoClaw in Docker Sandboxes with One Command
Each agent gets an isolated container inside a micro VM; no dedicated hardware needed.
NanoClaw has no features (and that's a good thing)
NanoClaw uses skills instead of features, enabling ultra-bespoke software per user.
Don't trust AI agents
Advocates architecture that makes trust unnecessary for AI agent security.
Viability Score
How likely is Nanoclaw to still be operational in 12 months? Based on 4 signals — momentum (how recently it shipped), wrapper dependency, revenue model, and web presence.
Last calculated: July 2026
How we score →Key Features
- Multi-channel messaging via WhatsApp, Telegram, Slack, Discord, Microsoft Teams, iMessage, Matrix, Google Chat, Webex,
- Per-agent container isolation using Docker (macOS, Linux, WSL2) with optional Apple Container for macOS
- Docker Sandbox micro-VM isolation for each agent group
- Per-agent workspace with own CLAUDE.md, memory, and mounts
- Scheduled tasks for recurring jobs (morning briefings, weekly reviews)
- Skill-based architecture: install channels and providers on demand with /add-<name> commands
- Credential security via OneCLI Agent Vault (outbound credential injection, rate limits, per-agent policies)
- Human-in-the-loop approvals for sensitive actions (V2)
- Agent-to-agent communication (V2)
- Support for Anthropic Claude Agent SDK, OpenAI, Google, DeepSeek, OpenRouter, Ollama (local models)
- Scripted install (bash nanoclaw.sh) with Claude Code fallback for troubleshooting
- Self-registering extensions for channels and providers
- Single process Node.js host with per-session SQLite databases
- Entity model routing: user → messaging group → agent group → session
About Nanoclaw
NanoClaw is a lightweight, open-source personal AI agent that runs securely in Docker containers on your own machine. Designed for developers and teams who prioritize privacy, auditability, and control, it connects to major messaging platforms including WhatsApp, Telegram, Slack, Discord, Microsoft Teams, iMessage, Matrix, Google Chat, Webex, Linear, GitHub, and WeChat. Unlike monolithic frameworks, NanoClaw uses a single Node.js host to orchestrate per-session agent containers, each with its own CLAUDE.md, memory, and skills – ensuring complete isolation. Credentials are never stored inside agents; outbound requests route through OneCLI's Agent Vault for injection at request time. The philosophy is "skills over features": the trunk ships only the registry and infrastructure; users install exactly the channels and providers they need via /add-<name> commands. This results in ultra-bespoke software where every user has only the features they need, with a codebase that's easy to understand (8 minutes to understand rather than 1-2 weeks for OpenClaw). Key features include multi-channel messaging, container isolation, scheduled tasks, and human-in-the-loop approvals. NanoClaw is built on Anthropic's Claude Agent SDK and supports alternative providers like OpenAI, Google, DeepSeek, and local models via OpenRouter or Ollama. It's MIT-licensed on GitHub with over 30.3k stars. Positioned as the nimble, security-conscious alternative to OpenClaw, it trades GUI ease for unparalleled transparency and control.
Behind the Verdict
NanoClaw earns its place by solving a problem many AI agent projects ignore: trust. By running each agent group in its own Docker container and routing credentials through OneCLI's Agent Vault, it ensures that even compromised agents can't leak API keys or access other sessions. The codebase is genuinely small – a few dozen source files compared to OpenClaw's thousands – making it feasible for a single developer to audit. That's rare and valuable. For whom does this matter most? Developers building internal tools or personal assistants where security is a concern, or teams that need to run multiple isolated agents for different clients or projects. The skill-based install model (like /add-whatsapp) keeps local forks clean, which is a big plus for maintainers. However, NanoClaw isn't for everyone. It requires Docker, Node.js, and comfort with the command line. There is no GUI, no admin dashboard, and no multi-tenant management. Setting up channels like WhatsApp or Telegram involves scanning QR codes or configuring tokens – it's not a 5-minute cloud deploy. Teams that need centralized user management or non-technical team members to administer agents should look elsewhere. The closest alternative is OpenClaw, but that comparison is exactly what NanoClaw is designed to avoid. OpenClaw is monolithic, shared-memory, and application-level permission checks; NanoClaw is containerized, process-isolated, and auditable. If you need a large ecosystem of pre-built integrations or a plug-and-play experience, OpenClaw or a managed service might be better. But if isolation and auditability trump all other concerns, NanoClaw wins. One caveat: the V2 features (human-in-the-loop approvals, agent-to-agent communication) are new and may still mature. Also, the credential vault
Researching Nanoclaw? Get your full AI stack in 60 seconds.
Free, no signup — tell us your goal and get tools matched to your budget & existing stack.
Use Cases
- Deploy a secure, containerized AI agent for your team on WhatsApp and Slack.
- Run scheduled morning briefings that summarize your email and calendar.
- Isolate each client's agent in its own container for privacy compliance.
- Use skills to add new messaging channels without bloating your codebase.
- Enable human-in-the-loop approval for sensitive actions like sending emails.
Models Under the Hood
Limitations
- NanoClaw requires Docker (or WSL2 on Windows) and CLI proficiency; no web or mobile UI.
- Setup involves Git and potentially one-time approval steps via/exe.dev.
- The Agent Vault integration is external and may have its own rate limits.
- Agent isolation means each session uses separate containers, which can increase resource usage compared to shared-process alternatives.
12-month cost
Project the real annual outlay, including the implied monthly cost when only an annual tier is published.
Vendor list price only. Add-on usage, seat overages, and contract minimums are surfaced under Hidden costs & gotchas.
Integrations
Resources & Guides
Official links
Featured Head-to-Head Comparisons
Popular in Developer Infrastructure
Temporal AI
Durable execution platform for building reliable AI agents and workflows.
Spider Cloud
Fast web crawling, scraping & search API for AI agents
Presto Voice
Drive-thru voice AI automation for QSR chains to boost revenue and efficiency.
Frequently Asked Questions
Best-of guides
Used Nanoclaw? Help shape our editorial sentiment research.