Secure AI Agents in Rust
A lightweight, security-first agentic AI runtime. Drop-in replacement for OpenClaw with 10ร less memory and built-in sandboxing.
curl -fsSL https://raw.githubusercontent.com/rexlunae/RustyClaw/main/scripts/setup.sh | bash
โ ๏ธ Early Development โ RustyClaw is actively developed and ~60% feature-complete compared to OpenClaw. Core tools work great; some platform features are still in progress.
Why RustyClaw?
Same powerful agent ecosystem, reimagined in Rust with security as a first-class concern.
| Feature | RustyClaw | OpenClaw (Node.js) |
|---|---|---|
| Memory usage | ~15 MB | ~150 MB |
| Startup time | <50 ms | ~500 ms |
| Binary size | ~8 MB | ~200 MB (with node) |
| Sandbox isolation | Built-in (Landlock/bwrap/macOS) | External only |
| Secrets vault | AES-256 + TOTP 2FA | External (1Password, etc.) |
| Raspberry Pi | Native ARM builds | Works, but heavy |
Built for Security
AI agents are powerful but can't always be trusted. RustyClaw assumes adversarial behavior.
Encrypted Secrets Vault
AES-256 encryption for API keys and credentials. Optional TOTP 2FA with rate limiting and lockout protection.
Kernel Sandboxing
Landlock LSM (Linux 5.13+), Bubblewrap containers, or macOS sandbox-exec. Agent tools can't escape.
Credential Access Policies
Per-secret policies: Always, WithApproval, WithAuth, SkillOnly. You control what the agent can access.
Protected Directories
Credentials directory is off-limits to agent tools. Path validation at multiple layers.
Memory Safety
Written in Rust. No buffer overflows, use-after-free, or data races. Auditable codebase.
Feature-Gated Builds
Compile only what you need. Headless server? TUI only? Full desktop? You choose.
Project Status
Transparent progress tracking. We believe in honest communication.
Core Tools Complete
30/30 agentic tools implemented with full OpenClaw parity.
Security Model Complete
Vault, policies, TOTP, sandboxing all functional.
Providers Complete
OpenAI, Anthropic, Google, xAI, Ollama, OpenRouter, custom.
Messengers Partial
Discord, Telegram, Signal, Matrix. Missing WhatsApp, Slack, iMessage.
TUI & CLI Complete
Full terminal interface with slash-commands and tab-completion.
Platform Features In Progress
Voice, companion apps, web dashboard still to come.
Get Started in 60 Seconds
One-line install scripts handle prerequisites automatically.
# One-line install (Rust + RustyClaw) curl -fsSL https://raw.githubusercontent.com/rexlunae/RustyClaw/main/scripts/setup.sh | bash # Or with all extras (Ollama, exo cluster) curl -fsSL https://raw.githubusercontent.com/rexlunae/RustyClaw/main/scripts/setup.sh | bash -s -- --all # Then configure and start rustyclaw onboard rustyclaw tui
# One-line install (Run PowerShell as Administrator) irm https://rexlunae.github.io/RustyClaw/install.ps1 | iex # Or with all features irm https://rexlunae.github.io/RustyClaw/install.ps1 -OutFile install.ps1; .\install.ps1 -Full # Then configure and start rustyclaw onboard rustyclaw tui
โ ๏ธ Requires Visual Studio Build Tools (the installer will guide you)
# 1. Install Rust (if not installed) curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh # 2. Install build dependencies # Debian/Ubuntu: sudo apt install build-essential pkg-config libssl-dev libdbus-1-dev # Fedora: sudo dnf install gcc pkg-config openssl-devel dbus-devel # macOS: brew install openssl pkg-config # 3. Install RustyClaw cargo install rustyclaw # 4. Configure and start rustyclaw onboard rustyclaw tui
Security Checklist
What we've built to keep your system safe from rogue agents.