← Back to research
·4 min read·opensource

ZeroClaw

ZeroClaw is a security-first Rust AI assistant that runs on $10 hardware with under 5MB RAM. Built by Harvard/MIT students with WASM sandboxing, credential protection, and 1,017 tests.

https://github.com/zeroclaw-labs/zeroclaw
personal-agentsopen-sourcerustsecurityanthropicdiscordgithubgoopenaisqlite

Key takeaways

  • Under 5MB RAM and sub-10ms startup — 99% less memory than OpenClaw
  • Security-first: WASM sandbox, credential protection, prompt injection defense, 1,017 tests
  • Single 8.8MB Rust binary with no runtime dependencies
  • Built by Harvard, MIT, and Sundai.Club students

FAQ

How does ZeroClaw compare to OpenClaw on security?

ZeroClaw uses WASM sandboxing, encrypted credential storage, and prompt injection defense. OpenClaw relies on application-level allowlists. ZeroClaw's 1,017 tests vs OpenClaw's lighter test coverage.

What hardware can run ZeroClaw?

Any $10 ARM/RISC-V/x86 board. Under 5MB RAM, sub-10ms cold start on release builds.

Who built ZeroClaw?

Students and members from Harvard, MIT, and Sundai.Club communities.

Overview

ZeroClaw is a security-first Rust AI assistant built by students from Harvard, MIT, and the Sundai.Club community.[1] The project prioritizes security, efficiency, and portability — running on $10 hardware with under 5MB RAM while maintaining comprehensive security features.

With 16,000+ GitHub stars since launching February 13, 2026, ZeroClaw has become the go-to alternative for security-conscious deployments.

Key Stats

MetricValue
GitHub Stars16K+
LanguageRust
Binary Size8.8MB
RAM UsageUnder 5MB
StartupUnder 10ms
Tests1,017
CreatedFebruary 13, 2026

Benchmark vs Alternatives

OpenClawNanoBotPicoClawZeroClaw
LanguageTypeScriptPythonGoRust
RAM1GB+100MB+Under 10MBUnder 5MB
Startup (0.8GHz)500s+30s+Under 1sUnder 10ms
Binary~28MBN/A~8MB~8.8MB
Hardware Cost$599 Mac~$50 SBC$10 board$10 board

Installation

# Homebrew (macOS/Linux)
brew install zeroclaw

# Or build from source
git clone https://github.com/zeroclaw-labs/zeroclaw.git
cd zeroclaw
cargo build --release --locked
cargo install --path . --force --locked

# Quick setup
zeroclaw onboard --api-key sk-... --provider openrouter

# Or interactive
zeroclaw onboard --interactive

# Chat
zeroclaw agent -m "Hello, ZeroClaw!"

# Start daemon
zeroclaw daemon

Pre-built binaries available for Linux (x86_64, aarch64, armv7), macOS (x86_64, aarch64), and Windows (x86_64).

Security Features

FeatureDescription
WASM SandboxCode execution isolated in WebAssembly
Credential ProtectionEncrypted at rest with AES-256
Prompt Injection DefenseDetection and filtering of injection attempts
Gateway PairingSecure device authentication
Explicit AllowlistsWhitelist-based access control
Workspace ScopingIsolated workspaces per context

Channel Support

PlatformStatus
CLI
Telegram
Discord
Slack
iMessage
Matrix
WhatsApp
Webhook

Provider Support

  • Ollama — Local models (22+ supported)
  • OpenRouter — Access to all major models
  • Anthropic — Claude direct
  • OpenAI — Including Codex OAuth
  • 22+ cloud providers — Comprehensive coverage

Architecture

User → Channel → ZeroClaw Daemon → WASM Sandbox → LLM Provider
                      ↓
              Memory (SQLite + FTS5 + Vector)

Trait-driven design — Core systems (providers, channels, tools, memory, tunnels) are Rust traits, making everything swappable.

Hybrid memory — SQLite with FTS5 full-text search plus vector cosine similarity for semantic retrieval.

Strengths

  • Security-First — WASM sandbox, encryption, injection defense
  • Extreme Efficiency — Under 5MB RAM, 10ms startup
  • Rust Reliability — Memory safety, 1,017 tests
  • Portable — Single binary across ARM, x86, RISC-V
  • No Lock-In — OpenAI-compatible + pluggable custom endpoints
  • Migration Pathzeroclaw migrate openclaw imports OpenClaw data
  • Active Community — Telegram, Discord, Reddit, Xiaohongshu

Weaknesses / Considerations

  • Young Project — Launched February 13, 2026
  • Impersonation Issues — Warning about fake domains/repos (zeroclaw.org)
  • Rust Build Time — Compilation requires 2-4GB RAM
  • Smaller Ecosystem — Fewer skills than OpenClaw
  • Claude OAuth Warning — Anthropic's Feb 19 terms update restricts OAuth use

Who Built It

Students and members from Harvard, MIT, and the Sundai.Club community. The project has active communities in English, Chinese, Russian, Japanese, French, and Vietnamese.

Ideal User

  • Security-conscious deployments requiring isolation and encryption
  • Edge/embedded systems with under 10MB RAM available
  • Production environments needing reliability (1,017 tests)
  • Rust developers wanting to contribute or customize
  • Privacy-focused individuals who need data to stay local

Bottom Line

ZeroClaw is what you run when OpenClaw's security model keeps you up at night. The WASM sandbox, credential encryption, and prompt injection defense address the main criticisms of OpenClaw's "everything runs with full host access" approach.

The efficiency numbers are remarkable — under 5MB RAM and 10ms startup means this runs on genuinely cheap hardware. The 1,017 tests suggest someone is taking reliability seriously.

The main caveat is age. Launched February 13, 2026, it's barely a week old. The impersonation warnings (fake domains, unauthorized forks) suggest rapid growth but also ecosystem confusion.

For security-critical deployments or edge hardware, ZeroClaw is currently the best option. For maximum features, stick with OpenClaw. For simplicity, try NanoBot.

Sources

Share on XShare on LinkedIn