My personal Claude assistant that runs securely in Apple containers. Lightweight and built to be understood and customized for your own needs.

OpenClaw is an impressive project with a great vision. But I can't sleep well running software I don't understand with access to my life. OpenClaw has 52+ modules, 8 config management files, 45+ dependencies, and abstractions for 15 channel providers. Security is application-level (allowlists, pairing codes) rather than OS isolation. Everything runs in one Node process with shared memory.

NanoClaw gives you the same core functionality in a codebase you can understand in 8 minutes. One process. A handful of files. Agents run in actual Linux containers with filesystem isolation, not behind permission checks.

git clone https://github.com/gavrielc/nanoclaw.git
cd nanoclaw
claude

Then run /setup. Claude Code handles everything: dependencies, authentication, container setup, service configuration.

Small enough to understand. One process, a few source files. No microservices, no message queues, no abstraction layers. Have Claude Code walk you through it.

Secure by isolation. Agents run in Linux containers (Apple Container). They can only see what's explicitly mounted. Bash access is safe because commands run inside the container, not on your Mac.

Built for one user. This isn't a framework. It's working software that fits my exact needs. You fork it and have Claude Code make it match your exact needs.

Customization = code changes. No configuration sprawl. Want different behavior? Modify the code. The codebase is small enough that this is safe.

AI-native. No installation wizard; Claude Code guides setup. No monitoring dashboard; ask Claude what's happening. No debugging tools; describe the problem, Claude fixes it.

Skills over features. Contributors shouldn't add features (e.g. support for Telegram) to the codebase. Instead, they contribute skills like /add-telegram that transform your fork. You end up with clean code that does exactly what you need.

Best harness, best model. This runs on Claude Agent SDK, which means you're running Claude Code directly. The harness matters. A bad harness makes even smart models seem dumb, a good harness gives them superpowers. Claude Code is (IMO) the best harness available.

No ToS gray areas. Because it uses Claude Agent SDK natively with no hacks or workarounds, using your subscription with your auth token is completely legitimate (I think). No risk of being shut down for terms of service violations (I am not a lawyer).

• WhatsApp I/O - Message Claude from your phone
• Isolated group context - Each group has its own CLAUDE.md memory, isolated filesystem, and runs in its own container sandbox with only that filesystem mounted
• Main channel - Your private channel (self-chat) for admin control; every other group is completely isolated
• Scheduled tasks - Recurring jobs that run Claude and can message you back
• Web access - Search and fetch content
• Container isolation - Agents sandboxed in Apple containers
• Optional integrations - Add Gmail (/add-gmail) and more via skills

Talk to your assistant with the trigger word (default: @Andy):

@Andy send an overview of the sales pipeline every weekday morning at 9am (has access to my Obsidian vault folder)
@Andy review the git history for the past week each Friday and update the README if there's drift
@Andy every Monday at 8am, compile news on AI developments from Hacker News and TechCrunch and message me a briefing

From the main channel (your self-chat), you can manage groups and tasks:

@Andy list all scheduled tasks across groups
@Andy pause the Monday briefing task
@Andy join the Family Chat group

There are no configuration files to learn. Just tell Claude Code what you want:

• "Change the trigger word to @Bob"
• "Remember in the future to make responses shorter and more direct"
• "Add a custom greeting when I say good morning"
• "Store conversation summaries weekly"

Or run /customize for guided changes.

The codebase is small enough that Claude can safely modify it.

Don't add features. Add skills.

If you want to add Telegram support, don't create a PR that adds Telegram alongside WhatsApp. Instead, contribute a skill file (.claude/skills/add-telegram/SKILL.md) that teaches Claude Code how to transform a NanoClaw installation to use Telegram.

Users then run /add-telegram on their fork and get clean code that does exactly what they need, not a bloated system trying to support every use case.

Skills we'd love to see:

Communication Channels

• /add-telegram - Add Telegram as channel. Should give the user option to replace WhatsApp or add as additional channel. Also should be possible to add it as a control channel (where it can trigger actions) or just a channel that can be used in actions triggered elsewhere
• /add-slack - Add Slack
• /add-discord - Add Discord

Container Runtime

• /convert-to-docker - Replace Apple Container with Docker (unlocks Linux)

Platform Support

• /setup-windows - Windows via WSL2 + Docker

Session Management

• /add-clear - Add a /clear command that compacts the conversation (summarizes context while preserving critical information in the same session). Requires figuring out how to trigger compaction programmatically via the Claude Agent SDK.

WhatsApp (baileys) --> SQLite --> Polling loop --> Container (Claude Agent SDK) --> Response

Single Node.js process. Agents execute in isolated Linux containers with mounted directories. IPC via filesystem. No daemons, no queues, no complexity.

Key files:

• src/index.ts - Main app: WhatsApp connection, routing, IPC
• src/container-runner.ts - Spawns agent containers
• src/task-scheduler.ts - Runs scheduled tasks
• src/db.ts - SQLite operations
• groups/*/CLAUDE.md - Per-group memory

Why WhatsApp and not Telegram/Signal/etc?

Because I use WhatsApp. Fork it and run a skill to change it. That's the whole point.

Why Apple Container instead of Docker?

Lightweight, fast, and built into macOS. Requires macOS Tahoe and runs great on a Mac Mini. Contribute a skill to convert to Docker if you want Docker.

Can I run this on Linux?

Yes. Run Claude Code and say "make this run on Linux." ~30 min of back-and-forth and it'll work. When you're done, ask Claude to create a skill explaining how to make it work on Linux, then contribute the skill back to the project.

Is this secure?

Agents run in containers, not behind application-level permission checks. They can only access explicitly mounted directories. You should still review what you're running, but the codebase is small enough that you actually can. See docs/SECURITY.md for the full security model.

Why no configuration files?

We don't want configuration sprawl. Every user should customize it to so that the code matches exactly what they want rather than configuring a generic system. If you like having config files, tell Claude to add them.

How do I debug issues?

Ask Claude Code. "Why isn't the scheduler running?" "What's in the recent logs?" "Why did this message not get a response?" That's the AI-native approach.

Why isn't the setup working for me?

I don't know. Run claude, then run /debug. If claude finds an issue that is likely affecting other users, open a PR to modify the setup SKILL.md.

What changes will be accepted into the codebase?

Security fixes, bug fixes, and clear improvements to the base configuration. That's it.

Everything else (new capabilities, OS compatibility, hardware support, enhancements) should be contributed as skills.

This keeps the base system minimal and lets every user customize their installation without inheriting features they don't want.

MIT