Docker와의 거래로 이어진 NanoClaw 제작자의 거친 6주

It’s been a whirlwind for NanoClaw creator Gavriel Cohen. About six weeks ago, he introduced NanoClaw on Hacker News as a tiny, open source, secure alternative to the AI agent-building sensation OpenClaw, after he built it in a weekend coding binge. That post went viral. “I sat down on the couch in my sweatpants,” Cohen told TechCrunch, “and just basically melted into [it] the whole weekend, probably almost 48 hours straight.” About three weeks ago, an X post praising NanoClaw from famed AI researcher Andrej Karpathy went viral. About a week ago, Cohen closed down his AI marketing startup to focus full-time on NanoClaw and launch a company around it called NanoCo. The attention from Hacker News and Karpathy had translated into 22,000 stars on GitHub, 4,600 forks (people building new versions off the project), and over 50 contributors. He’s already added hundreds of updates to his project with hundreds more in the queue. Now, on Friday, Cohen announced a deal with Docker — the company that essentially invented the container technology NanoClaw is built on, and counts millions of developers and nearly 80,000 enterprise customers — to integrate Docker Sandboxes into NanoClaw. Scary security of OpenClaw It all started when Cohen launched an AI marketing startup with his brother, Lazer Cohen, a few months ago. The startup offered marketing services like market research, go-to-market analysis, and blog posts through a small team of people using AI agents. Disrupt 2026: The tech ecosystem, all in one room Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400. Save up to $300 or 30% to TechCrunch Founder Summit 1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately Offer ends March 13. The agency started booking customers, and was on track to hit $1 million in annual recurring revenue, the brothers told TechCrunch. “It was going really well, great traction. I’m a huge believer in that business model of AI-native service companies that have margins and operate like a software company but are actually providing services,” said Cohen, a computer programmer who previously worked for website hosting company Wix. He had built the agents the startup was using, largely using Claude Code, each designed to do specific tasks. But there was “a piece” missing, he said. The agent could do work when prompted, but the humans couldn’t pre-schedule work, or connect agents to team communication tools like WhatsApp and assign tasks that way. (WhatsApp is to most of the world what Slack is to corporate America.) Cohen heard about OpenClaw, the popular AI agent tool whose creator now works for OpenAI. Cohen used it to build out those final interfaces, and loved it. “There was this big aha moment of: This is the piece that connects all of these separate workflows that I’ve been building,” he said and immediately decided, “I want more of them: on R& D, on product, on client management,” one for every task the startup had to handle. But then OpenClaw scared the bejesus out of him. In researching a hiccup with performance, he stumbled across a file where the OpenClaw agent had downloaded all of his WhatsApp messages and stored them in plain, unencrypted text on his computer. Not just the work-related messages it was given explicit access to, but all of them, his personal messages too. OpenClaw has been widely panned as a “security nightmare” because of the way it accesses memory and account permissions. It is difficult to limit its access to data on a machine once it has been installed. That issue will likely improve over time, given the project’s popularity, but Cohen had another concern: the sheer size of OpenClaw. As he researched security options for it, he saw all the packages that had been bundled into it. It included an “obscure” open source project he himself had written a few months earlier for editing PDFs using a Google image editing model. He had no idea it was there — he wasn’t even actively maintaining that project. He realized there was no way for him to validate all OpenClaw’s code and its dependencies, which, by some estimates, sprawled across 800,000 lines of code. So he built his own in just 500 lines of code, intended to be used for his company, and shared it. He based it on Apple’s new container tech, which creates isolated environments that prevent software from accessing any data on a machine beyond what it is explicitly authorized to use. Going viral At 4 a.m., a couple of weeks after sharing it on Hacker News, his phone started rin