kvark/zeptoclaw
Final form of claw family (Wannabe)
ZeptoClaw
Ultra-lightweight personal AI assistant.
$ zeptoclaw agent --stream -m "Analyze our API for security issues"
๐ค ZeptoClaw โ Streaming analysis...
[web_fetch] Fetching API docs...
[shell] Running integration tests...
[longterm_memory] Storing findings...
โ Found 12 endpoints, 3 missing auth headers, 1 open redirect
โ Saved findings to long-term memory under "api-audit"
โ Analysis complete in 4.2s
We studied the best AI assistants โ and their tradeoffs. OpenClaw's integrations without the 100MB. NanoClaw's security without the TypeScript bundle. PicoClaw's size without the bare-bones feature set. One Rust binary with 17 tools, 5 channels, 8 providers, and container isolation.
Why ZeptoClaw
We studied what works โ and what doesn't.
OpenClaw proved an AI assistant can handle 12 channels and 100+ skills. But it costs 100MB and 400K lines. NanoClaw proved security-first is possible. But it's still 50MB of TypeScript. PicoClaw proved AI assistants can run on $10 hardware. But it stripped out everything to get there.
ZeptoClaw took notes. The integrations, the security, the size discipline โ without the tradeoffs each one made. One 4MB Rust binary that starts in 50ms, uses 6MB of RAM, and ships with container isolation, prompt injection detection, and a circuit breaker provider stack.
Security
AI agents execute code. Most frameworks trust that nothing will go wrong.
The OpenClaw ecosystem has seen CVE-2026-25253 (CVSS 8.8 โ cross-site WebSocket hijacking to RCE), ClawHavoc (341 malicious skills, 9,000+ compromised installations), and 42,000 exposed instances with auth bypass. ZeptoClaw was built with this threat model in mind.
| Layer | What it does |
|---|---|
| Container Isolation | Every shell command runs in Docker or Apple Container โ not on your host |
| Prompt Injection Detection | Aho-Corasick multi-pattern matcher (17 patterns) + 4 regex rules |
| Secret Leak Scanner | 22 regex patterns catch API keys, tokens, and credentials before they reach the LLM |
| Policy Engine | 7 rules blocking system file access, crypto key extraction, SQL injection, encoded exploits |
| Input Validator | 100KB limit, null byte detection, whitespace ratio analysis, repetition detection |
| Shell Blocklist | Regex patterns blocking reverse shells, rm -rf, privilege escalation |
| SSRF Prevention | DNS pinning, private IP blocking, scheme validation for all web requests |
| Tool Approval Gate | Require explicit confirmation before executing dangerous tools |
Every layer runs by default. No flags to remember, no config to enable.
Install
# One-liner (macOS / Linux)
curl -fsSL https://raw.githubusercontent.com/qhkm/zeptoclaw/main/install.sh | sh
# Homebrew
brew install qhkm/tap/zeptoclaw
# Docker
docker pull ghcr.io/qhkm/zeptoclaw:latest
# Build from source
cargo install zeptoclaw --git https://github.com/qhkm/zeptoclawQuick Start
# Interactive setup (walks you through API keys, channels, workspace)
zeptoclaw onboard
# Talk to your agent
zeptoclaw agent -m "Hello, set up my workspace"
# Stream responses token-by-token
zeptoclaw agent --stream -m "Explain async Rust"
# Use a built-in template
zeptoclaw agent --template researcher -m "Search for Rust agent frameworks"
# Process prompts in batch
zeptoclaw batch --input prompts.txt --output results.jsonl
# Start as a Telegram/Slack/Discord/Webhook gateway
zeptoclaw gateway
# With full container isolation per request
zeptoclaw gateway --containerizedMigrate from OpenClaw
Already running OpenClaw? ZeptoClaw can import your config and skills in one command.
# Auto-detect OpenClaw installation (~/.openclaw, ~/.clawdbot, ~/.moldbot)
zeptoclaw migrate
# Specify path manually
zeptoclaw migrate --from /path/to/openclaw
# Preview what would be migrated (no files written)
zeptoclaw migrate --dry-run
# Non-interactive (skip confirmation prompts)
zeptoclaw migrate --yesThe migration command:
- Converts provider API keys, model settings, and channel configs
- Copies skills to
~/.zeptoclaw/skills/ - Backs up your existing ZeptoClaw config before overwriting
- Validates the migrated config and reports any issues
- Lists features that can't be automatically ported
Supports JSON and JSON5 config files (comments, trailing commas, unquoted keys).
Deploy
Any VPS
curl -fsSL https://zeptoclaw.com/setup.sh | bashInteractive setup guides you through provider keys and channel selection. Installs the binary, creates a systemd service, starts on boot.
Features
Core
| Feature | What it does |
|---|---|
| Multi-Provider LLM | Claude + OpenAI with SSE streaming, retry with backoff, auto-failover |
| 17 Tools + Plugins | Shell, filesystem, web, memory, cron, WhatsApp, Google Sheets, and more |
| Agent Swarms | Delegate to sub-agents with role-specific prompts and tool whitelists |
| Batch Mode | Process hundreds of prompts from text/JSONL files with template support |
| Agent Templates | 4 built-in (coder, researcher, writer, analyst) + custom JSON templates |
Channels & Integration
| Feature | What it does |
|---|---|
| 5-Channel Gateway | Telegram, Slack, Discord, Webhook, CLI โ unified message bus |
| Plugin System | JSON manifest plugins auto-discovered from ~/.zeptoclaw/plugins/ |
| Hooks | before_tool, after_tool, on_error with Log, Block, and Notify actions |
| Cron & Heartbeat | Schedule recurring tasks, proactive check-ins, background spawning |
| Memory & History | Workspace memory, long-term key-value store, conversation history |
Security & Ops
| Feature | What it does |
|---|---|
| Container Isolation | Shell execution in Docker or Apple Container per request |
| Tool Approval Gate | Policy-based gating โ require confirmation for dangerous tools |
| SSRF Prevention | DNS pinning, private IP blocking, scheme validation |
| Shell Blocklist | Regex patterns blocking reverse shells, rm -rf, privilege escalation |
| Token Budget & Cost | Per-session budget enforcement, per-model cost estimation for 8 models |
| Telemetry | Prometheus + JSON metrics export, structured logging, per-tenant tracing |
| Multi-Tenant | Hundreds of tenants on one VPS โ isolated workspaces, ~6MB RAM each |
Full documentation โ zeptoclaw.com/docs covers configuration, environment variables, CLI reference, deployment guides, and more.
Inspired By
ZeptoClaw is inspired by projects in the open-source AI agent ecosystem โ OpenClaw, NanoClaw, and PicoClaw โ each taking a different approach to the same problem. ZeptoClaw's contribution is Rust's memory safety, async performance, and container isolation for production multi-tenant deployments.
Development
cargo test # 1,100+ tests
cargo clippy -- -D warnings
cargo fmt -- --checkLicense
Apache 2.0 โ see LICENSE
ZeptoClaw โ Because your AI assistant shouldn't need more RAM than your text editor.
Built by Aisar Labs