[REPORT] IronClaw: OpenClaw in Rust for Privacy and Security
IronClaw is an OpenClaw-inspired implementation in Rust focused on privacy and security developed by the NEAR AI team, including Illia Polosukhin.
Illia Polosukhin unveiled (Feb. 9) the development of IronClaw, described as “an OpenClaw-inspired implementation in Rust focused on privacy and security.”
“People are losing their funds and credentials using OpenClaw. A number of people have stopped using it as [they are] afraid it will leak all of their information. We started working on [a] security-focused version - IronClaw. It’s Rust-based, all tools run in [an] isolated WASM environment,” Illia posted on X earlier this Monday.
The software can be found in the GitHub repository owned by NEAR AI at github.com/nearai/ironclaw and has three listed contributors:
Illia Polosukhin (Illia Polosukhin)
Claude (by Anthropic AI)
Firat Sertgoz (serrrfirat on X and GitHub)
Illia is the NEAR Protocol co-founder and co-author of the AI paper Attention is All You Need, which puts the “T” in “GPT” for AI models, enabling the LLMs as we know them.
Claude is one of the leading LLMs, especially for solutions focused on writing code. It had 71 commits on IronClaw, while Illia had 90 by the time of this writing.
Sertgoz was a NEAR protocol core dev and has known contributions to nearcore, nearai, and other crypto-, AI-, and privacy-related projects.
README.MD
Philosophy
IronClaw is built on a simple principle: your AI assistant should work for you, not against you.
In a world where AI systems are increasingly opaque about data handling and aligned with corporate interests, IronClaw takes a different approach:
Your data stays yours - All information is stored locally, encrypted, and never leaves your control
Transparency by design - Open source, auditable, no hidden telemetry or data harvesting
Self-expanding capabilities - Build new tools on the fly without waiting for vendor updates
Defense in depth - Multiple security layers protect against prompt injection and data exfiltration
IronClaw is the AI assistant you can actually trust with your personal and professional life.
Features
Security First
WASM Sandbox - Untrusted tools run in isolated WebAssembly containers with capability-based permissions
Credential Protection - Secrets are never exposed to tools; injected at the host boundary with leak detection
Prompt Injection Defense - Pattern detection, content sanitization, and policy enforcement
Endpoint Allowlisting - HTTP requests only to explicitly approved hosts and paths
Always Available
Multi-channel - REPL, HTTP webhooks, and extensible WASM channels (Telegram, Slack, and more)
Heartbeat System - Proactive background execution for monitoring and maintenance tasks
Parallel Jobs - Handle multiple requests concurrently with isolated contexts
Self-repair - Automatic detection and recovery of stuck operations
Self-Expanding
Dynamic Tool Building - Describe what you need, and IronClaw builds it as a WASM tool
MCP Protocol - Connect to Model Context Protocol servers for additional capabilities
Plugin Architecture - Drop in new WASM tools and channels without restarting
Persistent Memory
Hybrid Search - Full-text + vector search using Reciprocal Rank Fusion
Workspace Filesystem - Flexible path-based storage for notes, logs, and context
Identity Files - Maintain consistent personality and preferences across sessions
