NanoClaw’s answer to OpenClaw is minimal code, maximum isolation

On The New Stack Agents, Gavriel Cohen discusses why he built NanoClaw, a minimalist alternative to OpenClaw, after discovering security and architectural flaws in the rapidly growing agentic framework.

Gavriel Cohen built NanoClaw, a lightweight alternative to OpenClaw, in a weekend after learning about security flaws in the popular agentic framework.

On this edition of The New Stack Agents, we talk to Cohen about how he is building NanoClaw, how he is using it, and what he learned about the future of programming from the experience.

Cohen is the co-founder of AI marketing agency Qwibit, where he was already running agents for everything — operations, research, sales pipeline, client management, and documentation. To do that, he used Claude Code, but he wanted to create an interface that would be friendlier to the non-technical users in the company.

“I had this idea, before starting with OpenClaw, that I’d like to have containers and agents that are running on a machine that’s always on in the background,” he says. Around the same time, Clawdbot, later renamed OpenClaw, launched and seemed to provide an answer to all of this.

“I started to run it, and then immediately it clicked that this was what I needed for both giving me and my co-founder access to the sales data and the sales pipeline in a really easy-to-use interface.”

But Cohen says he didn’t sleep well that first night after setting up Clawdbot. As he set up the project, he noted that Clawdbot had added a small GitHub package he’d created months earlier: a Gemini-based PDF editing tool with a few hundred stars and zero recent activity.

“As a developer, every single dependency that I add to my software, I vet,” Cohen says. “Being that they had added my package, which anybody who was vetting it should not have added — right away, I was like, this is worrying.”

He also noticed that the way the original Clawdbot connected to his WhatsApp account meant it didn’t just store the messages from the groups he’d told the agent to monitor; it also stored all messages in a local database.

By that point, the Clawdbot codebase had already ballooned to roughly 350,000 lines, generated in a matter of weeks with AI.

“It breaks the fundamental thing that makes open source work,” Cohen says. “The code is there, and people look at the code. But when it’s coded so quickly with so little oversight, nobody else is going to be able to audit 400,000 lines of code.”

He believes, however, that the biggest issue was architectural: there was no isolation between agents. An agent in a family WhatsApp group and one connected to a work repository ran in the same environment, separated only by application-level blocks rather than OS-level sandboxing.

That insight became the foundation for NanoClaw.

Minimal code as a design philosophy

NanoClaw launched on GitHub in late January and now has just under 10,000 stars. The core principle is radical minimalism: a few hundred lines of actual code, a handful of dependencies, and each agent running inside its own container.

“I’m going to put just the code that I need, nothing else,” Cohen says. “Every line of code that you’re running is code that’s there for you. And not a single line of code that’s there to support someone else.”

Built on Claude Code, NanoClaw skips the typical installation wizards, configuration files, and plugin systems. Setup runs through a Claude Code skill, a Markdown instruction file that guides Claude in walking the user through the process, asking questions along the way. Apple Containers or Docker? There’s a skill file for that, too. Want to add Telegram alongside WhatsApp? Run /add-telegram, and Claude walks you through the process and builds the integration.

The entire project’s source code fits into about 35,000 tokens, roughly 17% of Claude Code’s 200,000-token context window. That means a coding agent can pull in the full codebase, understand it completely, and one-shot most features. OpenClaw’s 400,000-line codebase, by contrast, would span many context windows.

Cohen is pushing this further. The next refactor, he tells us, will strip WhatsApp out of the core and remove file-mounting code, leaving a headless runtime of about 2,000 lines. Integrations and features get added at build time through skills, so each user’s deployment contains only the code it actually runs.

“If a piece of software is adding all this functionality that you don’t need, then that software has gotten worse for you,” Cohen says. “It’s a larger package, it’s less secure — and you don’t need it.”

New rules for coding in the age of AI

Building NanoClaw reinforced something Cohen, who was previously a full-stack engineer at Wix, had been thinking about for a while: AI agents will fundamentally change how developers write and maintain code.

Take DRY — don’t repeat yourself. Cohen argues that this made sense when writing and testing code was expensive. But shared code has side effects when coding agents work on it: when an agent edits a shared function, it tends to make the change and move on without ever considering the downstream callers. Duplicated code eliminates that class of side effects.

“The overhead of maintaining duplicates doesn’t cost that much anymore,” Cohen says. “You can run Claude Code on it, and it will apply the same changes throughout.”

Strict file-length linting is another area where change may be needed. Cohen says that early in his Claude Code usage, he set a 120-line maximum per file. The result was that the agent spent more time refactoring to stay under the limit than building features. Today’s models can handle files of 500 to 1,000 lines with targeted edits, making the old rule counterproductive.

Cohen also argues that the value of a given piece of code is dropping fast when, every three to six months, better and cheaper models arrive. Code that works today doesn’t need to stand the test of time, he believes. In a year, a better agent will simply be able to rewrite it.

“We’re not writing code today that needs to stand the test of time for years in the future,” he says.

No code in Markdown files

One newer principle Cohen is championing: no code blocks inside Markdown skill files.

Code blocks are allowed by Anthropic’s SKILL.md standard, but what tends to happen, he says, is that scripts sneak into instruction documents. Claude then reads the code, writes it back out to its bash tool, and executes it. That round trip only introduces errors, especially as the context window fills up.

The fix: Markdown files reference external scripts, and each script outputs only a few lines of status and a log file, rather than flooding Claude’s context with raw terminal output. When, for some reason, Claude needs more context, it can look at the log file.

In NanoClaw’s setup process, removing code from the Markdown file reduced token consumption to about 3,000 tokens, down from 30,000 to 100,000 previously.
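The pattern described above, a Markdown file that points at an external script which prints only a short status and keeps the full output in a log, can be implemented with a small POSIX shell wrapper. The following is an added example written for this article, not NanoClaw’s own code; the `run_logged` function, the `LOG_DIR` location and the `noisy_task` stand-in for a real setup step are all assumptions.

```shell
#!/bin/sh
# Added example (not NanoClaw's own code): wrapper for scripts referenced
# from a Markdown skill file. Full stdout/stderr goes to a log file; only a
# two- or three-line status summary is printed for the agent's context.
# LOG_DIR and the file naming are illustrative assumptions.

LOG_DIR="${LOG_DIR:-${TMPDIR:-/tmp}/skill-logs}"

# run_logged NAME CMD [ARGS...]
# Runs CMD with all output captured to $LOG_DIR/NAME.log and prints:
#   - one status line (ok, or FAILED with the exit code) and the log line count
#   - on failure, the last log line as a hint of what went wrong
#   - the log path, so the agent can open it only when it needs more context
# Returns the wrapped command's exit code.
run_logged() {
    name="$1"; shift
    mkdir -p "$LOG_DIR"
    log="$LOG_DIR/$name.log"
    # Capture stdout and stderr together; the if-guard keeps a failing
    # command from aborting the wrapper under set -e before we report.
    if "$@" >"$log" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    lines=$(wc -l <"$log" | tr -d ' ')
    if [ "$rc" -eq 0 ]; then
        echo "[$name] ok ($lines log lines)"
    else
        echo "[$name] FAILED exit=$rc ($lines log lines)"
        echo "[$name] last: $(tail -n 1 "$log")"
    fi
    echo "[$name] log: $log"
    return "$rc"
}

# Constructed stand-in for a chatty install/build step: 50 progress lines
# on stdout, one warning on stderr, and a non-zero exit when asked to fail.
noisy_task() {
    i=1
    while [ "$i" -le 50 ]; do
        echo "progress step $i of 50"
        i=$((i + 1))
    done
    echo "warning: sample warning on stderr" >&2
    [ "${1:-}" != "fail" ]
}

# Demo: run the stand-in once successfully and once failing.
if [ "${1:-}" = "demo" ]; then
    run_logged "setup-demo" noisy_task
    run_logged "setup-fail" noisy_task fail
fi
```

Run with `sh wrapper.sh demo`: the 51 lines of output from each task land in the log file, while the agent sees two lines for the successful run and three for the failing one. A skill file can then reference the script by path and instruct the agent to read the log only when the status line reports a failure.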

What’s next?

The project now has a group of regular contributors, and Cohen says the roadmap centers on shrinking the core even further and making it easier to build on top of. The goal is a runtime so small that an enterprise security team could audit it in an afternoon, whiteboard the full architecture, and verify every line.

“I hope companies will be built on top of NanoClaw,” he says. “Simple infrastructure that anybody could build on.”

As for whether Cohen himself will build one of those companies, he says the hard part isn’t finding the opportunity.

“The difficult question is, which company?” he says. “Because there’s just so many options.”

The post NanoClaw’s answer to OpenClaw is minimal code, maximum isolation appeared first on The New Stack.