upvote

points

by theturtletalks10 hours ago |
comments
upvoteby dannymi5 hours ago|
next
[-]
I'm only using NanoClaw, but I like that I could (and did) just review the code it has, and that it uses containers for each agent (so I can have different WhatsApp groups working on different things and they can't interfere with each other), and that I could (and did) just swap those containers out easily for guix shell containers.

I am pretty confident that I know how the agent containerization works. In general there's really not a lot of complexity there at all.

If one wants, one can just (ask Claude to) add whatever functionality, or (and that's what I did) just use Claude skills (without adapting NanoClaw any further) and be done with.

What is annoying is that their policy is instead of integrating extra functionality upstream, they prefer you to keep it for yourself. That means I have to either not update from upstream or I am the king of the (useless so far--just rearranging the deck chairs) merge conflicts every single time. So one of the main reasons for contributing to upstream is gone and you keep having to re-integrate stuff into your fork.

reply
upvoteby tao_oat9 hours ago|
prev|
next
[-]
I haven't used them all but based on my partial research so far:

- OpenClaw: the big one, but extremely messy codebase and deployment

- NanoClaw: simple, main selling point is that agents spawn their own containers. Personally I don't see why that's preferable to just running the whole thing in a container for single-user purposes

- IronClaw: focused on security (tools run in a WASM sandbox, some defenses against prompt injection but idk if they're any good)

- PicoClaw: targets low-end machines/Raspberry Pis

- ZeroClaw: Claw But In Rust

- NanoBot: ~4k lines of Python, easy to understand and modify. This is the one I landed on and have been using Claude to tweak as needed for myself

reply
upvoteby jeremyjh5 hours ago|
parent|
next
[-]
IronClaw’s security architecture sounds plausible, but I have not audited it. Plugins can only access remote endpoints you’ve specifically allowed it for. Secrets aren’t available to the LLM - they are injected where the LLM requires it but only secrets authorized for that plugin are available to it. Together those two things provide an answer to a huge range of the most common prompt injection vulnerabilities, such as credential extraction. So you can give it access to your bank account and email and it can’t email your bank password to an attacker. But it could still transfer money to them.

The only secure way to use any of these tools is to give them very limited access - if they need a credit card give them a virtual card with a low limit, or even its own bank account. They can send email but only from their own account; like a human personal assistant. But of course this requires careful thought and adds friction to every new task, so people won’t be doing it.

reply
upvoteby barbazoo8 hours ago|
parent|
prev|
next
[-]
Everything supports WA, Telegram, etc. I wish it wasn't so hard to hook up Signal to anything.

I'm using the signal-cli-rest-api but the whole setup feels kinda wonky.

reply
upvoteby theturtletalks8 hours ago|
parent|
prev|
[-]
Which would you say has the best cron and heartbeat implementation?
reply
upvoteby tao_oat8 hours ago|
parent|
[-]
Haven't tried them in enough depth to compare.

Nanobot's was not great (cron + a HEARTBEAT.md meant two ways to do things, which would confuse the AI). But because the implementation is so simple, I could improve it in a few minutes in my own fork!

reply
upvoteby huqedato10 hours ago|
prev|
[-]
The same crap under the hood, IMO.
reply
upvoteby redman258 hours ago|
parent|
[-]
Yeah, good software takes time. These are all popping up way to fast.
reply