← Back to research
·9 min read·company

ZeptoClaw

ZeptoClaw is a Rust-based personal AI assistant in a ~6MB binary — combining OpenClaw's integrations, NanoClaw's security, and PicoClaw's size discipline without the tradeoffs.

https://zeptoclaw.com
personal-agentsopen-sourceenterprisesandboxesdiscorddockergithubopenairust

Key takeaways

  • The "notes taker" of the claw ecosystem — studied OpenClaw, NanoClaw, and PicoClaw, then built one binary that avoids each one's tradeoffs
  • ~6MB binary, ~6MB RAM, ~50ms startup — smallest full-featured option with container isolation, 32+ tools, and 9 channels
  • Security-by-default: container isolation, prompt injection detection (17 patterns), SSRF prevention, and shell blocklists all enabled out of the box
  • Built-in OpenClaw migration — one command imports config, skills, and provider keys from existing installations

FAQ

What is ZeptoClaw?

ZeptoClaw is a Rust-based personal AI assistant that combines OpenClaw's integrations, NanoClaw's security, and PicoClaw's size in a single ~6MB binary.

How does ZeptoClaw compare to OpenClaw?

ZeptoClaw is far smaller (~6MB vs ~100MB), uses 150x less RAM (~6MB vs 1GB+), starts 10x faster, but has fewer channels (9 vs 12) and skills.

Does ZeptoClaw support container isolation?

Yes — Docker and Apple Container isolation are built in. Use --containerized flag for full sandboxing per request.

Can I migrate from OpenClaw to ZeptoClaw?

Yes — run `zeptoclaw migrate` to auto-import config, skills, and provider keys from existing OpenClaw installations.

Executive Summary

ZeptoClaw is a Rust-based personal AI assistant that positions itself as the "one that took notes" — studying OpenClaw's integrations, NanoClaw's security, and PicoClaw's minimalism, then building a single ~6MB binary that avoids each one's tradeoffs. Built by Aisar Labs, it launched in February 2026 and has shipped rapidly since: as of June 2026 it has grown from 301 to 640 GitHub stars, expanded from 5 to 9 channels, and released through v0.9.2.

AttributeValue
CreatorAisar Labs (@qhkm)
LaunchedFebruary 2026
FundingNot publicly disclosed (open source, no announced backing)
GitHub Stars640 ★ (as of June 2026)
Latest Releasev0.9.2 (April 7, 2026)
LicenseApache 2.0

Product Overview

ZeptoClaw targets users who want OpenClaw's feature set without OpenClaw's resource footprint. The pitch: 32+ tools, 9 channels, 9 providers, and container isolation — in a binary smaller than most npm modules.

The project explicitly positions itself against the "tradeoffs" of existing alternatives:

  • OpenClaw: 12 channels, 100+ skills, but 100MB and 400K lines of code
  • NanoClaw: Security-first, but still 50MB of TypeScript
  • PicoClaw: Runs on $10 hardware, but stripped out most features

ZeptoClaw's answer: take notes on what works, ship one binary that includes it all.

Key Capabilities

CapabilityDescription
Multi-Provider LLM9 providers — Claude, OpenAI, Google Vertex AI, and more — with auto-retry, fallback, and cost tracking
32+ ToolsShell, filesystem, web, memory, cron, Google Sheets, plugins
9 ChannelsTelegram, Slack, Discord, WhatsApp, Lark, Email, Webhook, CLI, Serial
Agent SwarmsDelegate to sub-agents with role-specific prompts
Container IsolationDocker or Apple Container per request
OpenClaw MigrationOne-command import of config, skills, and provider keys

Deployment Modes

ModeDescriptionUse Case
CLI AgentInteractive or streaming responsesLocal development
GatewayTelegram/Slack/Discord/Webhook listenerProduction deployment
BatchProcess prompts from text/JSONL filesBulk processing
ContainerizedFull isolation per requestHigh-security environments

Technical Architecture

ZeptoClaw is written in async Rust with Tokio, targeting production multi-tenant deployments where memory efficiency matters.

Architecture

┌─────────────────────────────────────────────────┐
│                 ZeptoClaw Binary                 │
│                    (~6MB)                        │
├─────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────┐ │
│  │   Channels  │  │   Tools     │  │ Plugins │ │
│  │ TG/Slack/DC │  │ 32+ built-in│  │  JSON   │ │
│  │ WA/Email/WH │  │ + extensible│  │ manifest│ │
│  └─────────────┘  └─────────────┘  └─────────┘ │
├─────────────────────────────────────────────────┤
│  Provider Stack: Claude → OpenAI (fallback)     │
│  Auto-retry (429/5xx) + Token budget tracking   │
└─────────────────────────────────────────────────┘
           ↓
┌─────────────────────────────────────────────────┐
│  Security Layers (all enabled by default)       │
│  Container → Prompt Guard → Secret Scanner →    │
│  Policy Engine → Input Validator → Shell Block  │
└─────────────────────────────────────────────────┘

Key Technical Details

AspectDetail
LanguageRust (async with Tokio)
Binary Size~6MB
RAM Usage~6MB per instance
Startup Time~50ms
Providers9 (Claude, OpenAI, Google Vertex AI, and others)
Tests1,300+
Open SourceYes (Apache 2.0)

Security Architecture

ZeptoClaw emphasizes security-by-default — all layers run automatically with no config required.

LayerWhat It Does
Container IsolationEvery shell command runs in Docker or Apple Container
Prompt Injection DetectionAho-Corasick multi-pattern matcher (17 patterns) + 4 regex rules
Secret Leak Scanner22 regex patterns catch API keys before they reach the LLM
Policy Engine7 rules blocking system file access, crypto keys, SQL injection
Input Validator100KB limit, null byte detection, repetition analysis
Shell BlocklistRegex patterns blocking reverse shells, rm -rf, privilege escalation
SSRF PreventionDNS pinning, private IP blocking, scheme validation
Tool Approval GateRequire confirmation before dangerous tools
Secret Encryption at RestXChaCha20-Poly1305 + Argon2id for stored credentials
Landlock Workspace AccessLinux kernel-level filesystem sandboxing (added v0.9.2)

Strengths

  • Balanced feature set — 32+ tools, 9 channels, and agent swarms in a ~6MB binary; doesn't strip features like PicoClaw
  • Security by default — Security layers enabled out of the box, now including secret encryption at rest and Landlock filesystem sandboxing; no flags to remember
  • OpenClaw migration pathzeptoclaw migrate imports config, skills, and keys in one command
  • Production-ready multi-tenancy — Isolated workspaces, per-tenant config, Prometheus metrics, ~6MB RAM per tenant
  • Modern Rust codebase — 1,300+ tests, async-first, memory-safe without GC overhead
  • Rapid feature velocity — v0.8–v0.9.2 (March–April 2026) added Google Vertex AI, ACP (Agent Client Protocol), OpenAI-compatible /v1/chat/completions serving, Telegram reactions/threading/photos, and a web panel

Cautions

  • Still young — Created February 12, 2026; ~4 months old with 640 stars as of June 2026
  • Release cadence has slowed — No tagged release since v0.9.2 (April 7, 2026), though commits continued through early June 2026
  • Fewer channels than OpenClaw — 9 channels vs OpenClaw's 12; no iMessage, IRC, or Matrix
  • Fewer skills — Plugin system available but less mature than OpenClaw's 100+ skills ecosystem
  • Maintainer concentration — 16 contributors, but @qhkm has authored the large majority of commits; bus factor remains a risk
  • Limited community validation — No substantial discussion threads on Hacker News or Reddit yet; little independent production track record

What Developers Say

Searches of Hacker News, Reddit, and Lobsters in June 2026 found no substantive community discussion threads about ZeptoClaw — the project has not yet generated the kind of public developer commentary that OpenClaw and ZeroClaw have. Third-party coverage so far is limited to comparison roundups of Rust agent runtimes and the project's own documentation. This absence is itself a data point: adoption signals (640 stars, 98 forks, 16 contributors) are growing, but independent practitioner reviews are not yet available.

Pricing & Licensing

TierPriceIncludes
Open SourceFreeFull functionality
API CostsVariableDepends on provider (Claude, OpenAI, etc.)

Licensing: Apache 2.0 — use commercially, modify freely, patent grant included.

Hidden costs: You pay for LLM API calls directly to providers.

Competitive Positioning

vs Other Claw Alternatives

AspectZeptoClawOpenClawNanoClawPicoClawZeroClaw
Binary~6MB~28MB~50MB~8MB3.4MB
RAM~6MB1GB+~200MB<10MB<5MB
Channels912136
Tools32+100+LimitedBasic15
ContainerLimitedWASM
MigrationN/A

When to Choose ZeptoClaw

  • Choose ZeptoClaw when: You want OpenClaw features in a smaller package with built-in security
  • Choose OpenClaw when: You need maximum integrations (12 channels) and the largest skill ecosystem
  • Choose ZeroClaw when: Security is paramount and you want WASM sandboxing
  • Choose PicoClaw when: Running on extremely constrained hardware (<10MB RAM)

Ideal Customer Profile

Best fit:

  • Users migrating from OpenClaw who want smaller footprint
  • Multi-tenant operators needing isolated workspaces
  • Security-conscious users wanting defaults, not config
  • Teams who need container isolation per request

Poor fit:

  • Users needing iMessage, IRC, or Matrix channels
  • Those requiring OpenClaw's 100+ skill ecosystem
  • Enterprise teams needing established vendor support
  • Early-stage projects that need battle-tested stability

Viability Assessment

FactorAssessment
Financial HealthN/A (open source; funding not publicly disclosed)
Market PositionGrowing entrant — stars doubled (301 → 640) between February and June 2026
Innovation PaceFast through April 2026 (v0.7 → v0.9.2 in ~7 weeks); slower since — commits continue but no release in 2 months
CommunityEarly (640 stars, 98 forks, 16 contributors as of June 2026)
Long-term OutlookCautiously positive — sustained 4-month development, but maintainer-concentrated

ZeptoClaw has cleared the first survival bar of the fast-churn claw ecosystem: four months in, it is actively maintained (commits through June 2026), has doubled its stars, attracted 16 contributors, and shipped major features (Vertex AI, ACP, OpenAI-compatible serving). The open questions are whether release cadence recovers from the post-April slowdown and whether the contributor base diversifies beyond @qhkm.

Bottom Line

ZeptoClaw is an ambitious attempt to synthesize the best of the claw ecosystem — OpenClaw's features, NanoClaw's security, PicoClaw's efficiency — without each one's tradeoffs. Four months in, the bet is holding: a ~6MB binary now carrying 32+ tools, 9 channels, 9 providers, 1,300+ tests, and security layers enabled by default, with stars doubling to 640.

Recommended for: Users who want a smaller OpenClaw with built-in security and are comfortable with a young project.

Not recommended for: Production deployments requiring proven stability, or users needing OpenClaw's full channel/skill ecosystem.

Outlook: Promising and still alive in a fast-churn ecosystem, but not yet community-validated — no tagged release since April 2026 and no independent developer commentary to point to. The OpenClaw migration command remains a smart adoption wedge; the next test is whether @qhkm's momentum and the small contributor base sustain through the second half of 2026.

Research by Ry Walker Research • methodology

Sources

Share on XShare on LinkedIn