ZeptoClaw
qhkm/zeptoclaw
A security-hardened, ultra-lightweight AI assistant that delivers OpenClaw-level integrations in a 6MB Rust binary with 50ms startup. Built with defense-in-depth against the CVE-2026-25253 and ClawHavoc vulnerabilities that plagued the OpenClaw ecosystem.
Why choose ZeptoClaw over OpenClaw?
Quick recommendation layer first, deeper analysis second. Use this before diving into metrics and architecture details.
Strengths relative to OpenClaw:
- Safer default posture than OpenClaw for security-conscious deployments.
- Runs far leaner than OpenClaw on constrained hardware and low-cost hosts.
- Emphasizes isolation and containment where OpenClaw often prioritizes raw flexibility.
Trade-offs:
- Still less proven than OpenClaw in maturity, documentation depth, and production mileage.
- Efficiency usually comes with narrower scope, fewer integrations, or rougher ergonomics.
Best for:
- Security-sensitive self-hosters
- Edge devices and lightweight deployments
Skip it if:
- You only want battle-tested projects with a long public track record
- You care more about broad integrations than minimal footprint
Limited evidence available. Use the primary sources before making a production decision.
AI decision layer last reviewed Apr 20, 2026. Helpful, but still inference-heavy enough to double-check primary sources.
Source window: GitHub metadata, README, recent commits, latest release, Reddit, Brave search
Security Radar
How it's evaluated
- Sandboxing: isolation from the host OS. 10 = Fully virtualized (Docker/Wasm); 1 = Direct local execution.
- API Security: safety of external connections. 10 = End-to-end encrypted/Scoped; 1 = Plaintext/Broad access.
- Network Isolation: traffic control. 10 = Air-gapped/Offline-first; 1 = Unrestricted internet access.
- Telemetry Safety: privacy level. 10 = Zero telemetry/Zero tracking; 1 = Extensive logging/reporting.
- Shell Protection: command safety. 10 = No unsupervised shell; 1 = Raw, unmonitored shell access.
Evaluation Scale: 10 = Maximum Safety / 1 = High Risk
Security radar summary for ZeptoClaw:
- Sandboxing 9/10, API Security 9/10, Network Isolation 8/10, Telemetry Safety 9/10, Shell Protection 7/10.
Star Growth (2026)
Star history summary.
- zeptoclaw: 104 recorded data points, from 564 stars on 2026-01-01 to 605 stars on 2026-04-21.
Technical Showdowns
ZeptoClaw is an ultra-lightweight personal AI assistant written in Rust, designed as a security-hardened alternative to OpenClaw. It delivers comparable functionality (32 built-in tools, 9 communication channels, and 9 LLM providers) in a single 6MB binary that starts in 50ms and runs in about 6MB of RAM. The project explicitly targets the threat model of the OpenClaw ecosystem, which has suffered CVE-2026-25253 (CVSS 8.8, WebSocket hijacking leading to RCE), ClawHavoc (341 malicious skills), and roughly 42,000 exposed instances affected by an auth bypass.
The architecture is built around defense-in-depth: container isolation across 6 sandbox runtimes, prompt injection detection, circuit-breaker provider stacks, SSRF protection that intercepts browser requests via CDP Fetch, and hardened path validation against symlink and hardlink escape vectors. Recent commits show active hardening: fixes for a dangling-symlink bypass (a TOCTOU case, where a link whose target does not yet exist can pass a resolution-based check and be followed later), hardlink alias attacks (a name inside the workspace that refers to an inode outside it), and per-template capability sandboxing with shell allowlists and token budgets. The project maintains 3,100+ tests, run with cargo-nextest (one process per test) so that a single out-of-memory test cannot take down the whole CI run.
Unlike OpenClaw's 100MB footprint and 400K lines of code, or NanoClaw's 50MB TypeScript bundle, ZeptoClaw gets its size discipline from native Rust rather than from a trimmed feature set. It supports an MCP server mode, unified-diff editing, and session restore through a with_history() builder. The project positions itself as a "best of all worlds" option: OpenClaw's integrations, NanoClaw's security, and PicoClaw's size, without their respective tradeoffs.
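As an added example (not ZeptoClaw's own code; the function, error names and the scratch workspace it builds are assumptions), here is a Rust check that applies the three rules the hardening commits above imply: lexical normalisation so `..` can never climb above the workspace root, an lstat walk that refuses any symlink component even when the link is dangling, and a link-count check that refuses a hardlink alias of a file outside the workspace. It is Unix-only and builds its own constructed fixture in a temp directory so it runs offline.

```rust
// Added example, not ZeptoClaw's code. Workspace-confined path validation
// covering `..` escapes, symlinks (dangling or not) and hardlink aliases.
// Unix-only: uses lstat, nlink and symlink creation from std::os::unix.
use std::fs;
use std::io;
use std::os::unix::fs::{symlink, MetadataExt};
use std::path::{Component, Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum PathError {
    AbsoluteInput, // only workspace-relative paths are accepted
    Escapes,       // `..` climbs above the workspace root
    Symlink,       // a component is a symlink, whether or not its target exists
    HardlinkAlias, // regular file with more than one link: another name for some other path
    Io(String),
}

fn io_err(e: io::Error) -> PathError {
    PathError::Io(e.to_string())
}

/// Resolve `user_path` inside `root`; return it only if every component stays
/// inside `root` and no component is a symlink or a hardlink alias.
pub fn confined_path(root: &Path, user_path: &str) -> Result<PathBuf, PathError> {
    let root = fs::canonicalize(root).map_err(io_err)?; // root is trusted, resolved once
    let rel = Path::new(user_path);
    if rel.is_absolute() {
        return Err(PathError::AbsoluteInput);
    }
    // Step 1: lexical normalisation. `..` may pop a pushed component but never
    // climb above the root, so `a/../../x` is rejected without touching disk.
    let mut parts = Vec::new();
    for c in rel.components() {
        match c {
            Component::Normal(p) => parts.push(p),
            Component::CurDir => {}
            Component::ParentDir => {
                if parts.pop().is_none() {
                    return Err(PathError::Escapes);
                }
            }
            Component::RootDir | Component::Prefix(_) => return Err(PathError::AbsoluteInput),
        }
    }
    // Step 2: walk the real filesystem one component at a time with lstat.
    // A dangling symlink is still reported as a symlink here; canonicalize()
    // would fail on it, and a "not found, treat as new file" fallback would
    // then follow the link when the file is created later.
    let mut cur = root.clone();
    for (i, p) in parts.iter().enumerate() {
        cur.push(p);
        match fs::symlink_metadata(&cur) {
            Ok(md) => {
                if md.file_type().is_symlink() {
                    return Err(PathError::Symlink);
                }
                // Step 3: a regular file reachable by more than one name may be
                // an alias of a file outside the workspace (hardlink alias).
                if i + 1 == parts.len() && md.is_file() && md.nlink() > 1 {
                    return Err(PathError::HardlinkAlias);
                }
            }
            // Nothing exists from here on: the remaining components are a new path.
            Err(e) if e.kind() == io::ErrorKind::NotFound => break,
            Err(e) => return Err(io_err(e)),
        }
    }
    let mut out = root;
    for p in &parts {
        out.push(p);
    }
    Ok(out)
}

/// Constructed test workspace (not real project data) holding one instance of
/// each escape vector. Returns (scratch base dir, workspace root).
pub fn build_fixture(tag: &str) -> io::Result<(PathBuf, PathBuf)> {
    let base = std::env::temp_dir().join(format!("pathcheck_{}_{}", std::process::id(), tag));
    let _ = fs::remove_dir_all(&base);
    let root = base.join("workspace");
    let outside = base.join("outside");
    fs::create_dir_all(&root)?;
    fs::create_dir_all(&outside)?;
    fs::write(root.join("notes.txt"), "inside the workspace")?;
    fs::write(outside.join("secret.txt"), "outside the workspace")?;
    symlink("../outside/secret.txt", root.join("link_out"))?; // resolves outside the root
    symlink("../outside/missing.txt", root.join("dangling"))?; // target does not exist yet
    fs::hard_link(outside.join("secret.txt"), root.join("alias.txt"))?; // second name for the outside file
    Ok((base, root))
}

fn main() -> io::Result<()> {
    let (base, root) = build_fixture("demo")?;
    let probes = ["notes.txt", "new/dir/file.txt", "../outside/secret.txt",
                  "link_out", "dangling", "alias.txt", "/etc/passwd"];
    for p in probes.iter() {
        println!("{:<24} -> {:?}", p, confined_path(&root, p));
    }
    fs::remove_dir_all(&base)
}
```

The walk is still a check separated from the eventual open, so it narrows but does not close the TOCTOU window the commits refer to: a link could be planted between the lstat and the open. Closing that window needs the open itself to refuse to follow links (O_NOFOLLOW, or an openat walk from a directory handle), which is the standard technique and is outside this example.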