OpenClaw & Local Agents
Self-hosted open-source AI agents that run on your own hardware. Comparing OpenClaw, NanoClaw, NVIDIA NemoClaw, Cloudflare Moltworker, Open Interpreter, and OpenHands — setup, security, messaging integrations, and enterprise readiness.
← Back to Reference HubFree, open-source autonomous AI agent that lives behind your messaging apps. You text a Telegram, WhatsApp, Signal, or Discord chat and OpenClaw runs LLM-driven tasks on your behalf — browsing the web, summarizing PDFs, scheduling calendar events, sending emails, agentic shopping. Originally Clawdbot (Nov 2025), renamed Moltbot (Jan 2026, after trademark complaints from Anthropic), then OpenClaw three days later.
- License: Free and open source — run it on a Raspberry Pi, NAS, VPS, or laptop
- LLM-agnostic: Works with Claude, OpenAI GPT, DeepSeek, Gemini, local Ollama models
- Messaging channels: Telegram, WhatsApp, Signal, Discord, Slack, iMessage, Matrix, plus WeChat for the Chinese fork
- Skills system: ClawHub registry of community skills you can install with one command
- Setup flow: openclaw onboard walks you through gateway, workspace, channels, and skills
- ~247K GitHub stars by March 2026 — the most popular self-hosted AI agent project
- Hostinger one-click: Hostinger ships a templated VPS install that gets you to a working WhatsApp bot in roughly 15 minutes
Limitations: Broad permissions are the whole point and the whole problem — OpenClaw needs access to email, calendars, messaging, and tools to be useful, which means a misconfigured or exposed instance is a serious privacy and security risk. Cybersecurity researchers (and Palo Alto Networks) have flagged this as a category-defining attack surface. Treat exposed OpenClaw instances like exposed root SSH.
Personal AI agent built on Anthropic's Claude Agent SDK that stuffs every agent into its own Docker container. Designed as a deliberate response to OpenClaw's "security mess" — same UX (you message it on WhatsApp / Telegram / Slack), but each agent runs with real OS-level isolation rather than application-level permission checks.
- Tiny codebase: approximately 500 lines of auditable TypeScript per nanoclaw.dev — small enough to read end-to-end in an afternoon
- Funding: $12M seed (oversubscribed at $62M valuation; strategic investors include Docker, Vercel, monday.com)
- Container isolation: Docker on macOS/Linux/WSL2, optional Docker Sandboxes micro-VM, or Apple Container as macOS-native opt-in
- Channels: WhatsApp, Telegram, Discord, Slack, Microsoft Teams, iMessage, Matrix, Google Chat, Webex, Linear, GitHub, WeChat, plus email via Resend
- Memory: SQLite for messages and sessions, per-group CLAUDE.md files that persist across restarts
- Agent swarms: First personal AI agent project to support multi-agent collaboration on a single task
- Process model: Single Node.js process — no daemons, no orchestrator, no message broker required
- Skills installed on demand: Channels and integrations are pulled in only when you opt into them
Limitations: Smaller ecosystem than OpenClaw (younger project, smaller skill catalog). Tied tightly to Claude Agent SDK — great if you're already on Anthropic, less ideal if you want vendor flexibility. Container isolation requires Docker, which adds dependencies on lower-end hardware. No first-party Windows-native install (WSL2 only).
NVIDIA's open-source security stack that wraps OpenClaw with kernel-level sandboxing, on-prem Nemotron models, and a Privacy Router that decides whether each request goes to a local or cloud model. The bet: OpenClaw's usefulness is real, but its trust model is wrong — rules need to be enforced outside the agent process so a compromised agent still can't escape.
- OpenShell runtime: Kernel-level sandbox (Linux 5.15+, cgroup v2, user namespaces) that enforces policy structurally, not behaviorally
- Nemotron models: Nemotron 3 Super 120B (~48 GB VRAM, full privacy) or Nemotron 3 Nano 4B (~8 GB VRAM, edge)
- Privacy Router: Routes simple/sensitive queries to local Nemotron, harder queries to Claude/GPT — you set the policy
- Cloud fallback: Compatible with OpenAI, Anthropic, and any OpenAI-format endpoint
- Hardware: NIM-capable GPU for full local; Ollama path needs ~87 GB disk for Nemotron 3 Super 120B, NVIDIA drivers 550+, NVIDIA Container Toolkit
- Reference HW: NVIDIA DGX Spark is the showcase platform for always-on local agents
- Enterprise adoption: Adobe, Salesforce, SAP, Dell, Cisco, and LangChain are building on the stack
- Status: Early-alpha as of March 2026 — usable but evolving
Limitations: Linux-only and effectively NVIDIA-only for the local inference path — cgroup v2 + user namespaces + NVIDIA Container Toolkit eliminate macOS, Windows, and AMD/Intel GPU users from the full stack. RAM and disk requirements rule out small VPS targets. Still alpha; configuration surface is large.
A middleware Worker plus adapter scripts that lets you run OpenClaw / Moltbot inside Cloudflare Workers and Sandbox containers, deployed across 300+ Cloudflare data centers. The agent's orchestration layer runs at the edge milliseconds from the user; LLM calls still go to the provider, but routing, tool calls, and response assembly happen locally.
- Architecture: Entrypoint Worker handles routing/admin; OpenClaw runtime + integrations run in Cloudflare Sandbox containers
- AI Gateway: All LLM calls routed through Cloudflare AI Gateway for observability, caching, and multi-provider fallback
- Browser automation: Cloudflare Browser Rendering provides headless Chromium for navigation, form filling, content capture
- Pricing model: Pay per request, no idle cost — an agent handling 10 requests/day costs effectively nothing
- Auto-scaling: Same agent code handles a viral spike to 10M requests with no infrastructure change
- Hardware: Zero — no Pi, no NAS, no VPS to maintain. Pure cloud.
- Repo: github.com/cloudflare/moltworker (open source)
Limitations: Officially a proof-of-concept, not a Cloudflare product — no SLA, no support contract. Cloudflare Sandbox container limits cap what tools can run inside (heavy local-model inference is out of scope). Edge deployment means your agent's state is distributed; persistent memory needs explicit Durable Objects / D1 / R2 wiring. Loses the "pure local, nothing leaves your hardware" story that drives a lot of OpenClaw adoption.
An older sibling of the OpenClaw family — an open-source CLI that gives any LLM the ability to write and run Python, JavaScript, or shell on your local machine, then read the results and iterate. No messaging UI; the interface is your terminal. Predates the "personal AI assistant" framing but solves an overlapping problem.
- License: Open source (MIT) — Python package, free
- LLM-agnostic: Use OpenAI, Anthropic, or any OpenAI-compatible local server (LM Studio, Jan, Ollama)
- Local-first: Code runs on your machine; no remote VM, no cloud sandbox
- Use cases: File manipulation, data analysis, web browsing, system administration through natural language
- 01 Light: $99 hardware device that brings Open Interpreter to a wearable form factor
- Persistence: Save and restore chats, customize system messages, debug mode
Limitations: No built-in messaging integrations — you have to be at the terminal to use it. No sandboxing by default, which means a careless or compromised LLM call has full shell access on your machine. Less polished agent loop than OpenClaw or OpenHands. Project velocity has slowed compared to the OpenClaw ecosystem.
The most popular open-source autonomous AI coding agent — writes code, runs terminal commands, browses the web, and opens pull requests, all inside a sandboxed Docker environment. Started as OpenDevin in early 2024 in response to Cognition's Devin, renamed OpenHands under the All-Hands-AI org. Different category from the OpenClaw family: this is a software engineer, not a personal assistant.
- ~74.4K GitHub stars (May 2026); topped open-source coding agent rankings throughout 2025–2026
- Performance: 72.8% SWE-bench Verified (OpenHands V1 SDK + Claude Sonnet 4.5); 77.6% on the V0 harness with Claude 3.5 Sonnet Thinking
- Sandboxed: All code execution happens inside Docker containers by default
- v1.7.0 (May 2026): Kubernetes support and Planning Mode (beta)
- $18.8M Series A — project has commercial backing without losing the open-source license
- Setup: Docker run + browser UI; ~15 min to a working agent on a clean machine
- Cloud option: openhands.dev offers a hosted version; the open-source self-hosted path is fully supported
Limitations: Built for engineering tasks, not personal-assistant tasks — no Telegram/WhatsApp/Signal channels, no calendar or email integrations out of the box. Heavier resource footprint than NanoClaw or Open Interpreter (Docker + agent + browser tooling). Requires meaningful LLM credit budget to be useful since it runs many iterations per task.
| Capability | OpenClaw | NanoClaw | NemoClaw | Moltworker | Open Interpreter | OpenHands |
|---|---|---|---|---|---|---|
| License | Open source | Open source | Open source | Open source (PoC) | MIT | Open source |
| Software cost | $0 | $0 | $0 | $0 | $0 | $0 |
| Infra cost (typical) | VPS / Pi / NAS | VPS / laptop | GPU box / DGX | Pay-per-request | Local machine | VPS / GPU |
| Onboarding flow | openclaw onboard | Single Node process | Manual stack install | Wrangler deploy | pip install | Docker run |
| Time to first message | ~15 min (Hostinger 1-click) | ~20 min | ~1–2 hours | ~30 min | ~5 min | ~15 min |
| One-click hosting | Hostinger | No | No | Cloudflare | No | Hosted option |
| Default isolation | Process-level only | Per-agent Docker | Kernel-level (OpenShell) | Cloudflare Sandbox | None | Docker per task |
| Compromised-agent containment | Weak | Strong | Strongest | Strong | None | Strong |
| Policy enforcement | App-level | Container boundaries | Out-of-process | Worker / Sandbox | None | Container |
| Audited codebase size | Large | ~500 lines | Large stack | Small wrapper | Modest | Large |
| Claude | Yes | Native (Agent SDK) | Cloud route | Yes | Yes | Best results |
| OpenAI GPT | Yes | Yes | Cloud route | Yes | Yes | Yes |
| Local models (Ollama / LM Studio) | Yes | Yes | Native (Nemotron) | Via API | First-class | Yes |
| DeepSeek | First-class (Chinese fork) | Yes | Cloud route | Yes | Yes | Yes |
| Native | Native | Via OpenClaw | Via OpenClaw | No | No | |
| Telegram | Native | Native | Via OpenClaw | Via OpenClaw | No | No |
| Signal | Native (complex setup) | Native | Via OpenClaw | Via OpenClaw | No | No |
| Discord | Native | Native | Via OpenClaw | Via OpenClaw | No | No |
| Slack | Native | Native | Via OpenClaw | Via OpenClaw | No | No |
| iMessage | Native | Native | Via OpenClaw | Via OpenClaw | No | No |
| Microsoft Teams | No | Native | No | No | No | No |
| OS | Linux / macOS / Windows | macOS / Linux / WSL2 | Linux 5.15+ only | Cloudflare (any OS) | Linux / macOS / Windows | Linux / macOS |
| Minimum hardware | Pi 4 / 1 GB | 2 GB RAM + Docker | 8 GB RAM + GPU | None (cloud) | Any laptop | 8 GB + Docker |
| GPU required | No | No | Yes (NVIDIA) | No | Optional (local LLM) | No (uses API) |
| Docker required | Optional | Yes (core) | Yes | Wrangler-driven | No | Yes |
| Multi-tenant support | Limited | Per-container | Native | Native (Workers) | No | Yes |
| Policy / guardrails | Skill-level | Container limits | Privacy Router + OpenShell | Worker policy | None | Sandbox config |
| Audit logging | Manual | SQLite log | Built-in | CF Logpush | Manual | Built-in |
| Production status | Stable, mass adoption | Stable | Alpha (Mar 2026) | PoC, no SLA | Stable | Stable, $18.8M Series A |
| Notable enterprise users | Tencent, Z.ai forks | Community | Adobe, Salesforce, SAP, Dell | N/A | Community | Multiple |
Our Recommendation
For most projects we'd build for clients, NanoClaw is the responsible default — you get the OpenClaw messaging UX with real Docker isolation and a small enough codebase to actually read. OpenClaw itself is great for personal experimentation but treat its broad permissions as a feature you have to actively manage. NVIDIA NemoClaw is the right answer for enterprise pilots where compliance, audit logging, and local inference matter; budget for Linux + NVIDIA hardware. Cloudflare Moltworker is a clever escape hatch when you want zero infrastructure and can accept "PoC, no SLA." Open Interpreter stays useful as a terminal companion, and OpenHands is the strongest open-source pick when you want an actual autonomous coding agent rather than a personal assistant.