OpenClaw
Cross-platform autonomous agent that lives inside the chat apps you already use
A generalist autonomous agent with an extensible skill system, deployed natively inside Slack, WhatsApp, Telegram, Signal, and Discord. Wrapped in NemoClaw's OpenShell sandbox and Privacy Router for enterprise-grade structural guardrails — solving the security and friction problems that block raw open-source agent adoption.
Overview
OpenClaw is the chat-native execution surface of Hannah Imagineer. It speaks every major messaging platform fluently and is hardened against the structural vulnerabilities (Claw Chain CVE-2026-44112 and follow-ons) that ship with the upstream open-source agent. NemoClaw''s OpenShell wraps every tool call in kernel-level isolation, and the Privacy Router intercepts PII before it leaves the perimeter — rerouting sensitive tokens to a local model.
Primitives
Native execution inside Slack, WhatsApp, Telegram, Signal, Discord
Extensible third-party skills ecosystem
OpenShell kernel-level sandboxing (via NemoClaw wrapper)
Privacy Router intercepts and reroutes PII to local models
Hardware-agnostic (NVIDIA, AMD, Intel) — no infrastructure overhaul
One-command deployment with managed onboarding
Patched against Claw Chain vulnerabilities (CVE-2026-44112 and chain)
Outcomes
- 01Pass enterprise IT review on first submission
- 02Drop autonomous execution into existing chat surfaces with no client install
- 03Keep PII inside the perimeter while still using frontier cloud models
- 04No GPU lock-in — runs on whatever silicon the customer already owns
Integrations
Autonomy & guardrails
- External communications outside the configured perimeter
- Skills not signed by the customer's trust root
- Privileged tool calls touching SSO or secrets manager
- Cross-tenant data access
Guardrails & requirements
Guardrails
- OpenShell kernel sandbox for all tool execution
- Privacy Router redacts/reroutes PII before any external call
- Deny-by-default network egress
- Tamper-evident audit trail signed per action
- Patched against full Claw Chain (CVE-2026-44112+)
Requirements
- Linux host (x86_64 or arm64)
- Container runtime (Docker, Podman, or containerd)
- Outbound HTTPS to chosen LLM provider (or local model)
Technical specifications
Runtime
- Harness
- NemoClaw / OpenShell
- Deployment
- Self-hosted on customer hardware · Managed dedicated tenant
- Data residency
- Customer-controlled — never leaves the configured perimeter
- License
- Commercial · NemoClaw EULA
- Version
- v2.0
Models & tooling
- Models
- claude-opus-4-7claude-sonnet-4-6gpt-4olocal: qwen2.5-72blocal: phi-4
- Tooling
- openshell-sandboxprivacy-routersigned-skill-registryegress-policy-engine
Reliability & limits
- Latency SLA
- ~900ms p50 / ~3.2s p95 per turn
- Rate limits
- 120 turns/min per instance · burst to 300/min
Security & compliance
- Auth model
- SSO (Okta, Azure AD, Google) · mTLS for skill registry
- Compliance
- SOC 2 Type IIHIPAAISO 27001FedRAMP Moderate (in process)EU AI Act compliant
Architecture notes
Memory architecture
Tenant-scoped memory stored in customer-controlled Postgres with row-level isolation. PII tokens are tombstoned by the Privacy Router and only the local model sees the cleartext; cloud models see opaque references.
Context strategy
Context is assembled with a redaction pass: the Privacy Router scans the prompt, replaces sensitive entities with opaque tokens, and routes only the redacted form to cloud models. Local models re-hydrate tokens when generating user-facing output.
Evaluation
Every skill ships with a signed regression suite. Pre-deploy, the OpenShell harness replays the suite under the customer''s policy bundle. Runtime drift is monitored against the published baseline and gated by automatic rollback.