HN Showcase
Back to browse
GitHub Repository

A secure, stable Rust alternative to openclaw/moltbot/clawdbot

46 starsRust

Carapace – A security-hardened Rust alternative to OpenClaw

by puremachinery·Feb 12, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidBig BrainNiche Gem

Hardened Rust alternative to OpenClaw, but early (v0.1 preview, still rough edges).

Strengths
  • Security architecture explicitly addresses Jan 2026 OpenClaw CVEs: localhost-only, fail-closed auth, OS keychain storage, signed WASM plugins.
  • Multi-provider LLM engine with streaming and tool dispatch across Anthropic, OpenAI, Ollama, Gemini, Bedrock.
  • WASM plugin sandbox with Ed25519 verification, memory/CPU limits, and capability enforcement — solid supply-chain defense.
Weaknesses
  • Pre-release stability (v0.1-preview3); clustering, failover, and full Windows sandboxing incomplete or missing.
  • Narrower feature scope than OpenClaw: no WhatsApp/Teams/iMessage, no companion apps, no browser control or multi-agent routing yet.
Target Audience

Security-conscious developers, self-hosted AI enthusiast, teams wanting local control of AI assistants

Similar To

OpenClaw · ClawBot · Continue (Cursor alternative)

Post Description

Carapace is an open-source personal AI assistant gateway written in Rust. It connects to Anthropic, OpenAI, Ollama, Gemini, and Bedrock, and works through Discord, Telegram, Signal, Slack, and webhooks. Apache-2.0 licensed.

I started building it after the January 2026 OpenClaw security disclosures — 42K exposed instances on Shodan (78% still unpatched), 3 CVEs with public exploits, 341+ malicious skills on ClawHub (Snyk found 36% of all skills have security flaws), 1-click RCE via the Control UI, plaintext credentials harvestable by commodity infostealers. The problems weren't bugs; they were architecture decisions — open by default, no signing, full host privileges, secrets in JSON files. The February wave from Kaspersky, Palo Alto, Snyk, and SecurityScorecard made it worse, not better.

Carapace takes the opposite defaults: localhost-only binding, fail-closed auth, OS keychain credential storage, Ed25519-signed WASM plugins with capability sandboxing, prompt guard with exec approval, SSRF/DNS-rebinding defense. The security comparison doc walks through each OpenClaw vulnerability and how Carapace handles it: https://github.com/puremachinery/carapace/blob/master/docs/s...

This is a preview release — Discord works end-to-end, ~5,000 tests pass, but the Control UI frontend isn't built yet and subprocess sandboxing isn't fully wired. The security architecture is real; the polish isn't.

Similar Projects

AI/ML●●Solid

Nenya – A lightweight, highly secure AI API Gateway/Proxy written in Go

Secret redaction and mlock security for AI gateways when LiteLLM already exists.

Big BrainSlick
garou
201d ago
Security●●Solid

NixOS flake for hardened OpenClaw deployment

Two lines in your flake flip OpenClaw from alarmingly exposed to locked-down: gateway auth, localhost binding, Caddy auto-TLS, strict systemd directives, tool allowlists, and fail2ban are all wired in. It's a pragmatic, opinionated safety wrapper that saves you from the default footguns — just expect it to be useful only if you already live in the NixOS/OpenClaw world.

Niche GemSolve My Problem
scout_agent
104mo ago