Red Hat’s OpenClaw maintainers have made enterprise Claw deployments more secure

On Tuesday, Red Hat Principal Software Engineer Sally O’Malley released a new open source tool called Tank OS to make deploying and managing OpenClaw agents more secure and easier.

“This was a fun project we put together over the weekend that we knew was a great fit for AI and the direction we’re going,” she told TechCrunch, adding that she wanted to bring it “to the masses.”

Tank OS is aimed at power users who want to run OpenClaw on their computers and IT professionals who manage their enterprise’s OpenClaw agent fleet. This makes OpenClaw more secure and easier to maintain overall.

Countless people, companies, and startups have already invented a better way to use OpenClaw, an open source project that installs AI agents on local computers. A growing number of startups are also developing competing nail alternatives (such as NanoClaw) that they claim are safer.

What makes O’Malley’s project notable is that she is a maintainer of OpenClaw. That means she’s one of the chosen software engineers who works with creator Peter Steinberger to decide which features and bugs to work on. Her focus is on making OpenClaw work better in enterprise use cases and with Red Hat’s diverse range of Linux operating systems. (Although Steinberger is employed by OpenAI, he still leads the independent open source OpenClaw project.)

O’Malley said he joined OpenClaw because he believes it is “an open way for anyone to do AI in a secure way.”

But she started thinking about what would happen if OpenClaw infiltrated a company, and decided to build a tool to prepare for that eventuality. She started with an open source container tool called Podman created by a colleague at Red Hat. Containers are a way to run apps separate from the underlying computer, bundled with everything needed to run them. For example, you can run Linux apps on Windows or Mac machines.

According to Red Hat, Podman is a particularly secure way to do this because it is “rootless,” meaning it does not give the container any privileges from the underlying machine.

Tank OS loads OpenClaw into Red Hat’s Fedora Linux OS inside a Podman container and turns that container into a bootable image. This means that OpenClaw runs and starts when your computer starts.

Her tools include everything needed to make OpenClaw useful without human supervision, including state (the parts that can be remembered). Ability to store API keys (credentials for accessing subscriptions and services). There are functions such as.

Users can run multiple Tank OS instances on their machines to perform various tasks, but they do not share passwords or credentials between them, and OpenClaw instances cannot access anything else running on the computer.

O’Malley said he knows the OpenClaw project is working to make the agent more secure, but that while “this is a very powerful application,” it can be “dangerous” if not configured properly. “It’s not an easy tool to use unless you have some technical experience,” she said.

Stories range from a meta-AI security researcher whose Claw started deleting all of his work emails to an agent who downloaded all of his users’ WhatsApp DMs in clear text. Malware targeting OpenClaw users is also on the rise.

Admittedly, Tank OS isn’t for techno novices either, she says. You must be comfortable installing and maintaining software on computers, she says. Additionally, Tank OS is not the only OpenClaw implementation that runs inside containers. For example, NanoClaw is doing something similar to the famous container company Docker.

But Tank OS is intended to be especially useful to IT professionals (aka Red Hat’s primary customers) who may one day manage fleets of OpenClaw agents on corporate computers. This allows you to update agents in the same way you already manage other containers.

“My role within OpenClaw is really interesting,” O’Malley said. “If you have millions of autonomous agents communicating with each other, what does that look like when you scale it out?”