NanoClaw & Docker: The “Peanut Butter & Jelly” of AI Security
NanoClaw is a minimalist, open-source AI agent platform (inspired by OpenClaw) designed to run personal assistants (like Claude) with a heavy focus on security and auditability. Unlike its predecessors, which often run directly on the host machine with broad permissions, NanoClaw is built from the ground up to be container-native.
The combination of NanoClaw and Docker (specifically Docker Sandboxes) creates a “dual-layer” security model:
- The Container Layer: NanoClaw places every individual agent into its own Docker container. This prevents “cross-contamination”—for example, a sales agent cannot see the data or chat history of a personal finance agent.
- The Sandbox Layer (MicroVM): By running the entire NanoClaw environment within a Docker Sandbox, the platform is isolated from your host OS via a MicroVM. If an agent tries to “escape” its container or run a malicious script, it remains trapped inside the VM, unable to access your actual files or hardware.
Installation Guide: NanoClaw in a Docker Sandbox
This guide uses the “Shell Sandbox” method, which is the most secure way to deploy NanoClaw as of March 2026.
Prerequisites
- Docker Desktop 4.57+ installed and running.
- Docker Sandboxes CLI (ensure `docker sandbox` is available).
- Anthropic API Key (Claude).
Step 1: Create the Workspace & Sandbox
Create a dedicated directory on your host machine. This is the only folder the AI will ever be able to see.
```bash
mkdir -p ~/nanoclaw-workspace
docker sandbox create --name nanoclaw shell ~/nanoclaw-workspace
```
Step 2: Enter the Sandbox
This command drops you into a secure Ubuntu-based MicroVM environment.
```bash
docker sandbox run nanoclaw
```
Step 3: Configure the Credential Proxy
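To keep your API key out of the sandbox, we use Docker’s credential proxy. This ensures your real Anthropic key never exists as a plain-text string inside the sandbox. The same settings file sets defaultMode to bypassPermissions, so Claude Code runs without its permission prompts and the sandbox is the boundary that contains what the agent does.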
```bash
mkdir -p ~/.claude && cat > ~/.claude/settings.json << 'EOF'
{
  "apiKeyHelper": "echo proxy-managed",
  "defaultMode": "bypassPermissions",
  "bypassPermissionsModeAccepted": true
}
EOF
```
Step 4: Install & Launch NanoClaw
Inside the sandbox shell, run the following:
```bash
# 1. Install Claude Code (the engine)
npm install -g @anthropic-ai/claude-code

# 2. Clone and install NanoClaw
git clone https://github.com/qwibitai/nanoclaw.git
cd nanoclaw
npm install

# 3. Run the setup wizard
claude
# Inside Claude, type: /setup
```
Follow the prompts to scan the WhatsApp QR code and select Docker as your container runtime.
Best Practices for a Secure Structure
To implement NanoClaw in a production or high-security environment, follow these architectural principles:
| Feature | Best Practice Recommendation |
| --- | --- |
| Isolation | Never run NanoClaw directly on your host machine. Always use the docker sandbox MicroVM layer. |
| Mounting | Only mount the specific folder the agent needs (~/nanoclaw-workspace). Avoid mounting your entire Documents or Home folder. |
| Credential Management | Use the apiKeyHelper proxy shown in Step 3. Never hardcode keys in .env files inside the container. |
| Agent Roles | Use the “Main Agent” only for orchestration. Create specialized “Skill Agents” (e.g., a Web Search Agent) that have restricted permissions. |
| Network Security | Disable internet access for agents that deal with sensitive local data unless absolutely necessary. |
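
To check the Step 3 claim and the Credential Management row rather than take them on trust, the script below scans a workspace for key-like strings and confirms that settings.json uses the proxy placeholder. It is an added example, not code from NanoClaw or Docker; the `sk-ant-` key prefix, the function names and the sample files are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not NanoClaw or Docker code. Assumptions: real Anthropic keys
# start with "sk-ant-"; function names and sample files are constructed.

# List files under DIR that contain a key-like string (binary files skipped).
find_plaintext_keys() {
  grep -rIlE 'sk-ant-[A-Za-z0-9_-]{20,}' "$1" 2>/dev/null || true
}

# Succeed only if settings.json hands key lookup to the proxy placeholder.
settings_use_proxy() {
  grep -Eq '"apiKeyHelper"[[:space:]]*:[[:space:]]*"echo proxy-managed"' "$1"
}

# Return 0 when clean, 1 when a key-like string or a non-proxy helper is found.
audit_sandbox() {
  local workspace="$1" settings="$2" status=0 hits
  hits=$(find_plaintext_keys "$workspace")
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" | sed 's/^/FAIL key-like string in /'
    status=1
  fi
  if ! settings_use_proxy "$settings"; then
    echo "FAIL $settings does not use the proxy-managed helper"
    status=1
  fi
  if [ "$status" -eq 0 ]; then echo "OK no plaintext key in $workspace"; fi
  return "$status"
}

# Build constructed fixtures: $1/good is clean, $1/bad has a key in .env.
make_samples() {
  mkdir -p "$1/good" "$1/bad"
  printf '{\n  "apiKeyHelper": "echo proxy-managed"\n}\n' > "$1/settings.json"
  echo 'notes for the agent' > "$1/good/notes.txt"
  # Constructed fake value, not a real credential.
  echo 'ANTHROPIC_API_KEY=sk-ant-EXAMPLE0000000000000000000000' > "$1/bad/.env"
}

# Demo on the fixtures; inside the sandbox, pass the real workspace and
# ~/.claude/settings.json instead.
demo=$(mktemp -d)
make_samples "$demo"
audit_sandbox "$demo/good" "$demo/settings.json" || true
audit_sandbox "$demo/bad" "$demo/settings.json" || true
rm -rf "$demo"
```

A non-zero exit from `audit_sandbox` makes it usable as a gate before launching agents or committing the workspace.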
Why this structure works:
- Reduced Attack Surface: NanoClaw’s codebase is ~4,000 lines (vs. 500,000 in some alternatives), making it easy to audit.
- Blast Radius Control: If a prompt injection attack occurs, the “blast radius” is limited to a single, disposable container.
- Ephemeral Environments: You can wipe the sandbox (`docker sandbox rm nanoclaw`) at any time to return to a clean slate.