NanoClaw Brings Container-Isolated AI Agents to WhatsApp and Telegram

NanoClaw is a lightweight open-source personal AI agent that runs locally and connects to apps like WhatsApp and Telegram. Built with only ~3,900 lines of code across 15 files, it uses container isolation to securely run agents and aims to offer a simpler, fully auditable alternative to large frameworks like OpenClaw.

NanoClaw is a new open-source personal AI agent designed to run locally while staying small enough to fully understand and audit.

The project presents itself as a minimalist alternative to larger AI agent frameworks such as OpenClaw. Instead of thousands of files and a sprawling architecture, NanoClaw runs as a single Node.js process composed of only 15 source files and roughly 3,900 lines of code.

The goal is simple: if an AI agent runs on your machine and interacts with your data, you should actually be able to understand what it does.

NanoClaw connects directly to messaging platforms such as WhatsApp and Telegram, which lets users interact with their personal AI agent through apps they already use. The main process handles messages, places them in per-group queues, and executes them inside isolated agent environments.

One of the most notable aspects of NanoClaw is its container-based security model.

Instead of reliance on internal permission checks or sandbox logic inside the application, each agent session runs inside its own Docker or Apple Container environment. Every group conversation receives a dedicated container with its own filesystem, process space, and isolated Claude session.

This means agents cannot access files, processes, or data outside the directories that are explicitly mounted into the container.

In practice, this approach mirrors how modern cloud infrastructure isolates workloads. Rather than trust in application code to enforce security boundaries, the system relies on operating-system level isolation. If an agent executes shell commands, those commands run inside the container rather than on the host machine.

NanoClaw can also integrate with Model Context Protocol (MCP) servers. This allows the agent to interact securely with external tools, APIs, and data sources through a standardized interface. The approach gives developers a way to extend the agent’s capabilities without tight coupling of integrations to the core codebase.

The architecture behind NanoClaw is intentionally straightforward. A single Node.js process handles message polling, orchestration, and scheduling. SQLite stores messages, sessions, and tasks. Containers run the AI agents themselves, while communication between the host and the containers occurs through JSON files stored in group directories.

This design keeps the system small while still supporting features such as:

• Agent swarms, where multiple specialized agents collaborate on tasks
• Per-group memory, where each group maintains its own context and filesystem
• Scheduled tasks, which allow agents to run automated reports or briefings
• Skills, which extend capabilities without growth of the core codebase

The setup process also reflects the project’s AI-native philosophy. Instead of traditional installers or configuration files, NanoClaw uses Claude Code to guide the installation interactively. After cloning the repository and running Claude, the /setup command installs dependencies, configures containers, and connects messaging services.

The result is an AI agent platform that prioritizes simplicity, transparency, and security.

The project also highlights a broader shift in the AI agent ecosystem. As frameworks grow larger and more complex, some developers move toward smaller systems that allow full inspection and control. PicoClaw is another project that follows the same trend: smaller, lighter, and more secure.

For developers who want to run their own personal AI agents while retaining full control over the system, that combination may prove appealing. NanoClaw is available as an open-source project on GitHub under the MIT license.

• https://nanoclaw.dev/...