I haven't used them all but based on my partial research so far:

- OpenClaw: the big one, but extremely messy codebase and deployment

- NanoClaw: simple, main selling point is that agents spawn their own containers. Personally I don't see why that's preferable to just running the whole thing in a container for single-user purposes

- IronClaw: focused on security (tools run in a WASM sandbox, some defenses against prompt injection but idk if they're any good)

- PicoClaw: targets low-end machines/Raspberry Pis

- ZeroClaw: Claw But In Rust

- NanoBot: ~4k lines of Python, easy to understand and modify. This is the one I landed on and have been using Claude to tweak as needed for myself

IronClaw’s security architecture sounds plausible, but I have not audited it. Plugins can only access remote endpoints you’ve specifically allowed it for. Secrets aren’t available to the LLM - they are injected where the LLM requires it but only secrets authorized for that plugin are available to it. Together those two things provide an answer to a huge range of the most common prompt injection vulnerabilities, such as credential extraction. So you can give it access to your bank account and email and it can’t email your bank password to an attacker. But it could still transfer money to them.

The only secure way to use any of these tools is to give them very limited access - if they need a credit card give them a virtual card with a low limit, or even its own bank account. They can send email but only from their own account; like a human personal assistant. But of course this requires careful thought and adds friction to every new task, so people won’t be doing it.

Everything supports WA, Telegram, etc. I wish it wasn't so hard to hook up Signal to anything.

I'm using the signal-cli-rest-api but the whole setup feels kinda wonky.

Which would you say has the best cron and heartbeat implementation?