NanoClaw moved from Apple Containers to Docker
Container choice and compatibility
- The move from Apple Containers to Docker is welcomed by many as broadening hosting options and making deployment easier for Linux users.
- Some note Apple Containers are already OCI-compatible but currently buggy, especially around networking, and generally immature.
- A few prefer alternatives like Podman or containerd, calling Docker bloated or “cancer,” while others are shifting away from Docker entirely toward qemu VMs for better isolation and Docker‑in‑Docker support.
- Several comments criticize macOS sandboxing DX overall (Seatbelt, Apple Containers) as painful and underdeveloped.
Security, sandboxing, and what containers actually buy you
- There’s strong agreement that containers are not a true security boundary against a hostile or compromised agent; they’re likened to seatbelts or helmets—helpful but limited.
- One approach: run all plugins in a single Docker container but isolate them by Unix users so they can’t read each other’s code or secrets, with secrets managed outside the LLM.
- Others argue Docker adds little beyond running the agent under an unprivileged account, and that real hardening needs VMs or qemu.
- Some are uneasy with agents trying to manage their own sandboxing, which would then need to be sandboxed again, leading to nested virtualization complexity.
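The per-user isolation approach mentioned above can be checked mechanically. The following is an added example, not code from NanoClaw or from the discussion: it audits a hypothetical layout with one directory per plugin under a common root, and flags directories that share an owner, are owned by root, or grant group/other access. All plugin names and uids are constructed.

```python
import os
import stat
from collections import defaultdict

def collect(root):
    """Return (name, uid, mode) for each plugin directory directly under root."""
    entries = []
    for name in sorted(os.listdir(root)):
        st = os.lstat(os.path.join(root, name))  # lstat: do not follow symlinks
        if stat.S_ISDIR(st.st_mode):
            entries.append((name, st.st_uid, stat.S_IMODE(st.st_mode)))
    return entries

def evaluate(entries):
    """Return (plugin, problem) findings that break per-user isolation."""
    findings = []
    by_uid = defaultdict(list)
    for name, uid, mode in entries:
        by_uid[uid].append(name)
        if uid == 0:
            findings.append((name, "owned by root, not a dedicated plugin user"))
        # Conservative: any group/other bit is flagged, even if the group is private.
        if mode & 0o077:
            findings.append((name, f"mode {mode:04o} grants group/other access"))
    for uid, names in by_uid.items():
        if len(names) > 1:  # same uid means the plugins can read each other's files
            for name in names:
                findings.append(
                    (name, f"shares uid {uid} with {len(names) - 1} other plugin(s)"))
    return findings

# Constructed sample layout (hypothetical plugin names and uids).
SAMPLE = [
    ("calendar", 1001, 0o700),
    ("mail", 1002, 0o750),
    ("kindle", 1003, 0o700),
    ("browser", 1003, 0o700),
]

if __name__ == "__main__":
    for name, problem in evaluate(SAMPLE):
        print(f"{name}: {problem}")
```

Inside a container, `collect()` would be pointed at the plugin root and its output passed to `evaluate()`; an empty result means no two plugins share an owner or expose their directory.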
What ‘claws’ actually add vs. plain LLM + cron
- Many argue there is “no special sauce”: it’s just Claude/LLM in a loop with cron‑style scheduling, a watchdog/heartbeat, some shared memory, and messaging integrations.
- Proponents say the key value is always-on, proactive behavior plus many integrations: checking calendars, adjusting events, monitoring sources, fetching and transforming content, and doing multi-step workflows (e.g., auto-finding and sending Kindle books, normalizing calendar entries).
- Skeptics counter that existing tools (calendars, scripts, price alerts, travel agents) already solve most examples more safely and deterministically.
DIY agents and Unix-style alternatives
- Several users share lightweight, roll-your-own setups: cron jobs that wake Claude, small Go daemons that bridge Slack/Discord/WhatsApp to a CLI, email-based loops, or home-server agents, often set up with the help of an LLM itself.
- Advocates of this “Unix way” prefer small, composable tools over a large “claw” framework and see the *claw projects as mainly convenience and prebuilt integrations for non-coders.
Reliability, hype, and risk
- At least one NanoClaw user reports very brittle behavior (failed Facebook login workflow, confusing JSON artifacts, unresponsive bot) and sees stars as hype-driven.
- Several worry about “prompt injection as a service” and huge attack surfaces when agents get access to email, browsers, and password reset flows; others note ongoing experiments and partial defenses but concede that real-world conditions are messy.
- The broader tone is divided: some see agents as a huge unlock worth experimenting with, others see them as over-engineered, over-hyped, and risky—comparing the frenzy to past tech manias and container-orchestration bandwagons.