Hacker News | reassess_blind's comments

What’s the best lightweight “claw” style agent for Linux? It doesn’t necessarily need containerisation or sandboxing as it would be run on a fresh VPS with no access to important data.



If you just want WhatsApp and webchat, I'm hacking https://github.com/rcarmo/piclaw from NanoClaw and my own web front-end (I prefer a simple web app I can access via Tailscale)


zeroclaw perhaps?


Yes, it’s worthwhile because the new models are being specifically trained and hardened against prompt injection attacks.

Much like how you wouldn’t immediately fire Alice, you’d train her and retest her, and see whether she had learned from her mistakes. Just don’t trust her with your sensitive data.


Hmm I guess it will have to get to a point where social engineering an individual at a company is more appealing than prompt injecting one of its agents.

It’s interesting though, because the attack can be asymmetric. You could create a honeypot website that has a state-of-the-art prompt injection, and suddenly you have all of the secrets from every LLM agent that visits.

So the incentives are actually significantly higher for a bad actor to engineer state-of-the-art prompt injection. Why only get one bank’s secrets when you could get all of the banks’ secrets?

This is in comparison to targeting Alice with your spearphishing campaign.

Edit: like I said in the other comment, though, it’s not just that you _can_ fire Alice, it’s that you let her know if she screws up one more time you will fire her, and she’ll behave more cautiously. “Build a better generative AI” is not the same thing.


News aggregation, research, context aware reminders. Not nearly as useful as letting it go open-season on your data, but still enough that it would’ve been mind blowing 10 years ago.


But where does it store that information? I suppose you sandbox the agent on an operating system that gives it very few privileges?

Data scraping is an interesting use-case.


I’d love to see a classical (or rapid/blitz) tournament where the players don’t know who they’re playing.

Separate rooms, arbiters make the moves for the opponent.

I think we’d see some interesting results.


The average Discord user does not care.


It is a really impressive tool, but I just can’t trust it to oversee production code.

Regardless of how you isolate the OpenClaw instance (Mac Mini, VPS, whatever) - if it’s allowed to browse the web for answers then there’s the very real risk of prompt injection inserting malicious code into the project.

If you are personally reviewing every line of code that it generates you can mitigate that, but I’d wager none of these “super manager” users are doing that.


I hate websites that don’t finish loading, like this one on Brave iOS. Gives the impression it’s downloading something massive.


That's a nice way to put it.


bruh that's so rude lmaooo


Yes, you do need to read further. The “no artistic talent” was clearly a throwaway comment and a lighthearted excuse to play around with Claude. Not everyone wants to become a maestro.


What’s the difference between this, and just running Claude Code in --dangerously-skip-permissions mode in a container and accessing remotely via ssh?

I’m confused as to what these claw agents actually offer.


The README.md describes it as:

WhatsApp (baileys) --> SQLite --> Polling loop --> Container (Claude Agent SDK) --> Response

So they basically put a wrapper around Claude in a container, which allows you to send messages from WhatsApp to Claude, and act somewhat as if you had a Siri on steroids.


Found the spec here: https://github.com/gavrielc/nanoclaw/blob/main/docs/SPEC.md

The scheduled tasks seem like the major functional difference. Pretty cool.

Has anyone tried Anthropic’s “Cowork”? How does that compare?

