
Don't trust AI agents

Blog post from Nanoclaw

Post Details
Author: Gavriel Cohen
Word Count: 1,017
Language: English
Summary

NanoClaw's security architecture starts from the premise that AI agents should not be trusted: threats are mitigated by containing the agent rather than by trusting it. Where OpenClaw relies on application-level security checks and runs its agents in a shared environment, NanoClaw isolates each agent in its own ephemeral, unprivileged container, so no information can leak from one agent to another. Mount restrictions and filesystem isolation extend the same design, limiting the damage an agent can do even when it behaves unpredictably. NanoClaw's codebase is also deliberately kept small and manageable, in contrast to OpenClaw's large and complex code, which makes it easier to audit and reduces the attack surface. Users add only the functionality they need through skills, so the code stays comprehensible and secure. By prioritizing external containment over internal trust, NanoClaw aims to minimize risk while acknowledging the inherent vulnerabilities in granting AI agents access to sensitive data.
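The containment described above, as an added shell example that is neither NanoClaw's nor OpenClaw's code: it launches each agent in its own ephemeral, unprivileged container and refuses any bind mount that lies outside that agent's own workspace. The docker CLI, the `agent-runtime:latest` image and the `/srv/agents/<agent>` layout are assumptions.

```shell
#!/bin/sh
# Added example: one ephemeral, unprivileged container per agent with mount restrictions.
# Assumed: docker CLI, image agent-runtime:latest (placeholder), one workspace per agent.
set -eu

AGENT_ROOT="${AGENT_ROOT:-/srv/agents}"   # assumed host directory holding per-agent workspaces

# Mount policy: a bind-mount source must live inside this agent's own workspace,
# so one agent can never be handed another agent's files. Returns 0 when allowed.
mount_allowed() {
  agent="$1"; src="$2"
  base="$AGENT_ROOT/$agent"
  case "$src" in
    *..*) return 1 ;;                      # refuse path traversal in the source
  esac
  case "$src" in
    "$base"|"$base"/*) return 0 ;;         # inside this agent's workspace
    *) return 1 ;;                         # anything else (other agents, host dirs)
  esac
}

# Build the launch command for one agent. It is printed rather than executed so the
# resulting flags can be inspected; pipe it to sh to actually start the container.
agent_run_cmd() {
  agent="$1"; src="$2"
  if ! mount_allowed "$agent" "$src"; then
    echo "refused: $src is outside $AGENT_ROOT/$agent" >&2
    return 1
  fi
  printf '%s ' docker run --rm \
    --user 65534:65534 \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=64m \
    --pids-limit 256 \
    --memory 512m \
    --mount "type=bind,src=$src,dst=/workspace" \
    --name "agent-$agent" agent-runtime:latest
  printf '\n'
}
```

Each flag maps to one containment property from the post: `--rm` makes the container ephemeral, `--user` and `--cap-drop ALL` keep it unprivileged, `--read-only` plus a single bind mount is the filesystem isolation.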