nanocoai/nanoclaw
⭐ 28,735 · TypeScript · GitHub Repo
A lightweight alternative to OpenClaw that runs in containers for security. Connects to WhatsApp, Telegram, Slack, Discord, Gmail and other messaging apps,, has memory, scheduled jobs, and runs directly on Anthropic's Agents SDK
ai-agents ai-assistant claude-code claude-skills openclaw
1-Sentence Summary
NanoClaw: a lightweight, container-isolated AI agent platform that any developer can fully understand and customize.
🔥 Key Capabilities & USP
- Container-Isolated Agents for True Security — Each agent runs in its own Docker container with OS-level filesystem isolation, not just application-level permission checks. This makes even direct bash access safe, solving the fundamental security problem of AI assistants that need to execute code or access files.
- Multi-Channel Messaging, Installed On Demand — Connect to WhatsApp, Telegram, Discord, Slack, Gmail, and a dozen other platforms via
/add-<channel>skills. Channels are installed per-fork, keeping your codebase lean and avoiding configuration sprawl. - AI-Native Customization with No Config Files — There are no YAML or JSON configuration files. You modify behavior by telling Claude Code what you want (e.g., "Change the trigger word to @Bob"), and the small codebase makes safe modifications possible. This is a paradigm shift from traditional configuration management.
- Scheduled Tasks & Per-Agent Memory — Recurring jobs that run Claude and message you back, plus each agent has its own memory and workspace with a dedicated
CLAUDE.md. This enables persistent, autonomous workflows without manual intervention. - Unique Selling Proposition: NanoClaw is small enough for a single developer to fully understand and customize, while still being a production-ready multi-channel AI assistant. It is the anti-framework: understandable, secure, and directly modifiable.

Technical Architecture
| Component | Technology | Role |
|---|---|---|
| Host Process (Router) | Node.js, TypeScript | Orchestrates per-session agent containers, routes messages |
| Agent Containers | Docker, Bun, Claude Agent SDK | Each agent runs in an isolated Linux container |
| Message Queue | SQLite (inbound.db, outbound.db) | Two files per session, each with exactly one writer, avoiding cross-mount contention |
| Credential Security | OneCLI's Agent Vault | Injects credentials at request time, enforces per-agent policies and rate limits |
| Messaging Channels | WhatsApp, Telegram, Discord, Slack, etc. | Installed on demand via skills; each channel is a separate branch |
Data Flow: Messaging apps → Host Process → inbound.db (SQLite) → Agent Container → outbound.db (SQLite) → Host Process → Messaging apps. No IPC or stdin piping is used, which eliminates cross-mount contention issues.
Quick Start Guide
git clone https://github.com/qwibitai/nanoclaw.git nanoclaw-v2
cd nanoclaw-v2
bash nanoclaw.shMigration from v1:
git clone https://github.com/qwibitai/nanoclaw.git nanoclaw-v2
cd nanoclaw-v2
bash migrate-v2.shPrerequisites: Docker (macOS/Linux/WSL2), Claude Code for customization and error recovery.
Pros, Cons & Use Cases
Pros
- Understandable codebase — Small enough for one developer to fully comprehend and customize, unlike monolithic AI agent frameworks.
- True OS-level isolation — Container-based security is far more robust than application-level permission checks.
- No configuration sprawl — AI-native customization eliminates the need for complex config files.
- Lean by design — Skills-based feature installation means each fork only contains what it needs.
- Broad messaging support — Covers virtually every major messaging platform out of the box.
Cons
- Requires Docker — Only runs on macOS, Linux, or Windows via WSL2. No native Windows support.
- Requires Claude Code — Customization and error recovery depend on Claude Code, creating a dependency on Anthropic's tooling.
- Not plug-and-play — Non-technical users will struggle with setup, Docker configuration, and code modifications.
- Trunk is intentionally bare — Users must install skills to get features, which may surprise those expecting a fully-featured out-of-box experience.
Who should NOT use this?
- Non-technical users who want a turnkey AI assistant with a GUI and no command-line interaction.
- Windows-only users who cannot or will not use WSL2 for Docker support.
- Teams needing a managed SaaS solution — This is a self-hosted, DIY tool, not a managed service.
- Users who prefer configuration files over AI-driven code modification.
- Enterprise teams requiring centralized management — Each fork is independent; there's no admin dashboard for fleet management.
Ideal Use Cases
- Solo developers who want a fully customizable, secure AI assistant they own and understand.
- Power users comfortable with Docker and TypeScript who want to integrate AI across all their messaging platforms.
- Privacy-conscious individuals who need OS-level isolation for AI agents that access sensitive files or execute commands.
- Hackers and tinkerers who want to build custom AI workflows with scheduled tasks and multi-channel messaging.
- Open-source enthusiasts who want to fork, modify, and contribute to a growing ecosystem.
Community & Activity
NanoClaw is on fire with 28,735 stars — a clear signal that the developer community is hungry for a lightweight, secure alternative to monolithic AI agent frameworks. The project is actively maintained (last updated May 2026) and has built significant momentum around its container-isolated architecture. The skills-based branching model encourages community contributions, and the understandable codebase lowers the barrier for new contributors. If you've been waiting for a signal to jump into the AI agent space, this is it.