A remarkably eventful period has unfolded for Gavriel Cohen, the inventor of NanoClaw.
Around six weeks ago, he presented NanoClaw on Hacker News, describing it as a tiny, open-source, and secure alternative to the viral AI agent-building platform OpenClaw. He had built it during an intense weekend coding spree. That post quickly became very popular.
“I settled onto the sofa in my sweatpants,” Cohen recounted to TechCrunch, “and just essentially merged into [it] for the entire weekend, likely nearly 48 hours straight.”
Approximately three weeks ago, a post on X praising NanoClaw from renowned AI researcher Andrej Karpathy also spread widely.
About seven days ago, Cohen ceased operations of his AI marketing venture to devote his full attention to NanoClaw and establish a new enterprise around it, named NanoCo. The attention garnered from Hacker News and Karpathy had resulted in 22,000 stars on GitHub, 4,600 forks (individuals developing new versions from the project), and over 50 contributors. He has already incorporated hundreds of improvements into his project, with numerous more awaiting implementation.
Now, on Friday, Cohen announced an agreement with Docker to integrate Docker Sandboxes into NanoClaw. Docker is the corporation largely responsible for pioneering the container technology upon which NanoClaw is built, and it boasts millions of developers and nearly 80,000 corporate clients.
Concerning security aspects of OpenClaw
The journey commenced when Cohen, alongside his brother, Lazer Cohen, launched an AI marketing startup several months ago. This venture offered promotional solutions such as market investigations, go-to-market assessments, and blog content via a modest team utilizing AI agents.
The firm began acquiring clients and was projected to achieve $1 million in yearly recurring revenue, as reported by the brothers to TechCrunch.
“Things were progressing exceptionally well, with excellent momentum. I am a staunch advocate for that business paradigm of AI-native service companies that possess healthy profit margins and operate akin to a software firm, yet actually deliver services,” stated Cohen, a computer programmer who previously served at the website hosting company Wix.
He had constructed the agents employed by the startup, primarily using Claude Code, each tailored for specific functions. However, a “component” remained absent, he noted. While the agent could execute tasks upon prompting, humans could not pre-schedule work or link agents to team communication platforms like WhatsApp to assign duties that way. (WhatsApp serves much of the global population in a manner similar to Slack for corporate America.)
Cohen learned about OpenClaw, the widely used AI agent utility whose originator now works for OpenAI. Cohen utilized it to develop those concluding interfaces and was highly impressed.
“There was this significant epiphany: this is the element that interconnects all these disparate workflows I’ve been constructing,” he articulated, and promptly resolved, “I desire more of them: for research and development, for product management, for client relations,” one for every responsibility the startup needed to manage.
Nevertheless, OpenClaw subsequently gave him a tremendous fright.
While investigating a performance anomaly, he encountered a file where the OpenClaw agent had downloaded all his WhatsApp conversations and preserved them in clear, unencrypted text on his machine. Not merely the work-related communications to which it was granted explicit authorization, but every single one, including his personal messages.
OpenClaw has been extensively criticized as a “security catastrophe” due to its method of accessing memory and account permissions. It proves challenging to restrict its access to data on a device once it has been installed.
That particular concern will likely improve over time, given the project’s widespread adoption, but Cohen harbored another worry: the sheer magnitude of OpenClaw. As he explored security alternatives for it, he observed all the bundles that had been integrated. It even contained an “unfamiliar” open-source project he himself had authored a few months prior for editing PDFs using a Google image manipulation model. He had no awareness of its presence — he wasn’t even actively maintaining that particular project.
He realized it was impossible for him to verify all of OpenClaw’s programming and its supporting elements, which, by some estimations, expanded across 800,000 lines of code.
Consequently, he wrote his own in merely 500 lines of code, intended for his own company, and released it. He based it on Apple’s new container technology, which creates isolated environments that prevent software from accessing any data on a machine beyond what it is explicitly permitted to use.
Achieving widespread fame
At 4 a.m., several weeks after he posted it on Hacker News, his phone began ringing ceaselessly. A friend had spotted Karpathy’s post and was urging Cohen to wake up and start tweeting, which he did, beginning a public conversation with the renowned AI researcher.
A flood of interest in NanoClaw followed: more tweets, YouTube analyses from programmers, and news articles. Even a domain speculator seized a NanoClaw website address. The correct one is nanoclaw.dev.
Then Oleg Selajev, a developer employed by Docker, reached out. Selajev observed the excitement and customized NanoClaw to substitute Apple’s container technology with Docker’s rival offering, Sandboxes.
Cohen had no reluctance about releasing support for Sandboxes as part of the primary NanoClaw project. “This is no longer my personal agent operating on my Mac Mini,” he recollected thinking. “This now boasts a community surrounding it. Thousands of individuals are utilizing it. Yes, I decided, I will transition to the established standard.”
Despite all the transformations these weeks have brought for Cohen and his brother Lazer, now CEO and president of NanoCo respectively, one aspect still requires resolution: how NanoCo will generate revenue.
NanoClaw is available without cost and is open source, and, as is customary for such initiatives, the Cohens pledge it will always remain so. They recognize they would be severely condemned if they ever betrayed the open-source community by altering that. Currently, the Cohens are sustained by a fundraising round from friends and family, they stated.
While they are circumspect about revealing their commercial strategies just yet — largely because they haven’t had an opportunity to fully define them — venture capitalists are already contacting them, they affirm.
The strategic objective is to develop a fully supported commercial offering with provisions including what are termed forward-deployed engineers — specialists embedded directly within client corporations to assist them in constructing and overseeing their systems. This will likely concentrate on aiding companies in building and maintaining secure agents. That, however, is a competitive arena becoming increasingly saturated by the hour.
Nevertheless, given the enormous community of developers that NanoClaw has just gained access to through Docker, we are certain to hear more on this soon.
Depicted above from left to right: Lazer and Gavriel Cohen.

