by qhkm
Fast, small, secure, local-first personal AI assistant infrastructure: one Rust binary for tools, memory, channels, providers, and sandboxed autonomy.
# Add to your Claude Code skills
git clone https://github.com/qhkm/zeptoclawLast scanned: 5/11/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-11T07:40:41.517Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}No comments yet. Be the first to share your thoughts!
30 days in the Featured rail · terms & refunds
$ zeptoclaw agent --stream -m "Analyze our API for security issues"
🤖 ZeptoClaw — Streaming analysis...
[web_fetch] Fetching API docs...
[shell] Running integration tests...
[longterm_memory] Storing findings...
→ Found 12 endpoints, 3 missing auth headers, 1 open redirect
→ Saved findings to long-term memory under "api-audit"
✓ Analysis complete in 4.2s
ZeptoClaw is one Rust binary for running personal AI agents locally, at the edge, or on a VPS — with tools, memory, channels, providers, and sandboxed autonomy built in. We studied the best AI assistants — and their tradeoffs: OpenClaw's integrations without the large TypeScript app footprint, NanoClaw's container-isolated simplicity without narrowing to a tiny assistant core, NemoClaw's OpenShell guardrails without the Docker/k3s footprint, and PicoClaw's edge efficiency with Rust's safety and runtime controls.
We studied what works — and what doesn't.
OpenClaw proved a personal AI assistant can grow into a broad integration and skills ecosystem. NanoClaw proved container isolation can be simple enough to understand and customize. NemoClaw proved managed guardrails matter — policy-gated sandboxes, routed inference, credential injection, channel messaging, and digest-verified blueprints. PicoClaw proved edge assistants can run on $10 hardware with a Go binary under 10MB of RAM.
ZeptoClaw took notes. The integrations, the security, the governance, the size discipline — without the tradeoffs each one made. One 6MB Rust binary that starts in 50ms, uses 6MB of RAM, and ships with container isolation, prompt injection detection, and a circuit breaker provider stack.
| OpenClaw | NemoClaw | NanoClaw | PicoClaw | ZeptoClaw | |
|---|---|---|---|---|---|
| Core shape | Broad TypeScript assistant + skills ecosystem | OpenClaw managed through OpenShell | Small TypeScript Claude assistant | Go edge assistant | Single Rust binary |
| Footprint focus | Integration breadth | Docker/k3s guardrails, ~2.4GB sandbox image | ~500-line core | <10MB RAM | ~6MB binary / ~6MB RAM |
| Tools & memory | 100+ skills | OpenClaw tools in sandbox | Minimal, customizable core | Web search, memory, scheduled tasks | 33 built-ins + plugins + memory |
| Providers | Multi-provider ecosystem | Routed managed inference | Claude-focused | Multi-LLM | 18 providers |
| Channels | Broad chat integrations | Telegram/Discord/Slack via OpenShell | WhatsApp-focused | 16+ channels | 10 active built-ins + plugins |
| Isolation | Skill/user-permission model | OpenShell: Landlock + seccomp + netns | OS containers | Workspace sandbox | 6 runtimes |
| Runs on $10 HW | Not the target | Not the target | Not the target | Yes | Yes |
AI agents execute code. Most frameworks trust that nothing will go wrong.
The OpenClaw ecosystem has seen CVE-2026-25253 (CVSS 8.8 — cross-site WebSocket hijacking to RCE), ClawHavoc (341 malicious skills, 9,000+ compromised installations), and 42,000 exposed instances with auth bypass. ZeptoClaw was built with this threat model in mind.
| Layer | What it does |
|---|---|
| 6 Sandbox Runtimes | Docker, Apple Container, Landlock, Firejail, Bubblewrap, or native — per request |
| Prompt Injection Detection | Aho-Corasick multi-pattern matcher (17 patterns) + 4 regex rules |
| Secret Leak Scanner | 22 regex patterns catch API keys, tokens, and credentials before they reach the LLM |
| Policy Engine | 7 rules blocking system file access, crypto key extraction, SQL injection, encoded exploits |
| Input Validator | 100KB limit, null byte detection, whitespace ratio analysis, repetition detection |
| Shell Blocklist | Regex patterns blocking reverse shells, rm -rf, privilege escalation |
| SSRF Prevention | DNS pinning, private IP blocking, IPv6 transition guard, scheme validation |
| Chain Alerting | Detects dangerous tool call sequences (write→execute, memory→execute) |
| Tool Approval Gate | Require explicit confirmation before executing dangerous tools |
Every layer runs by default. No flags to remember, no config to enable.
# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/qhkm/zeptoclaw/main/install.sh | sh
# Homebrew
brew install qhkm/tap/zeptoclaw
# Docker
docker pull ghcr.io/qhkm/zeptoclaw:latest
# Build from source
cargo install zeptoclaw --git https://github.com/qhkm/zeptoclaw
The control panel is an optional compile-time feature. To use zeptoclaw panel or
zeptoclaw serve, build/install with --features panel.
# Remove ZeptoClaw state (~/.zeptoclaw)
zeptoclaw uninstall --yes
# Also remove a direct-install binary from ~/.local/bin or /usr/local/bin
zeptoclaw uninstall --remove-binary --yes
# Package-managed installs still use their package manager
brew uninstall qhkm/tap/zeptoclaw
cargo uninstall zeptoclaw
# Interactive setup (walks you through API keys, channels, workspace)
zeptoclaw onboard
# Talk to your agent
zeptoclaw agent -m "Hello, set up my workspace"
# Stream responses token-by-token
zeptoclaw agent --stream -m "Explain async Rust"
# Use a built-in template
zeptoclaw agent --template researcher -m "Search for Rust agent frameworks"
# Process prompts in batch
zeptoclaw batch --input prompts.txt --output results.jsonl
# Start as a Telegram/Slack/Discord/Webhook gateway
zeptoclaw gateway
# With full container isolation per request
zeptoclaw gateway --containerized
Already running OpenClaw? ZeptoClaw can import your config and skills in one command.
# Auto-detect OpenClaw installation (~/.openclaw, ~/.clawdbot, ~/.moldbot)
zeptoclaw migrate
# Specify path manually
zeptoclaw migrate --from /path/to/openclaw
# Preview what would be migrated (no files written)
zeptoclaw migrate --dry-run
# Non-interactive (skip confirmation prompts)
zeptoclaw migrate --yes
The migration command:
~/.zeptoclaw/skills/Supports JSON and JSON5 config files (comments, trailing commas, unquoted keys).
curl -fsSL https://zeptoclaw.com/setup.sh | bash
Installs the binary and prints next steps. Run zeptoclaw onboard to configure providers and channels.
ZeptoClaw supports 18 LLM providers. All OpenAI-compatible endpoints work out of the box.
| Provider | Config key | Setup |
|---|---|---|
| Anthropic | anthropic |
api_key |
| OpenAI | openai |
api_key |
| OpenRouter | openrouter |
api_key |
| Google Gemini | gemini |
api_key |
| Google Vertex AI | vertex |
ADC or access token |
| Groq | groq |
api_key |
| DeepSeek | deepseek |
api_key |
| xAI (Grok) | xai |
api_key |
| NVIDIA NIM | nvidia |
api_key |
| Azure OpenAI | azure |
api_key + api_base |
| AWS Bedrock | bedrock |
api_key |
| Kimi (Moonshot) | kimi |
api_key |
| Zhipu (GLM) | zhipu |
api_key |
| Qianfan (Baidu) | qianfan |
api_key |
| Novita AI | novita |
api_key |
| Liquid AI | liquid |
api_key |
| Ollama | ollama |
local/keyless |
| VLLM | vllm |
local/keyless |
Configure in ~/.zeptoclaw/config.json or via environment variables:
{
"providers": {
"openrouter": { "api_key": "sk-or-..." },
"ollama": { "api_key": "ollama"