On Tuesday, Sally O’Malley, a principal software engineer at Red Hat, unveiled a new open source tool called Tank OS designed to simplify the deployment and management of OpenClaw agents while enhancing safety.

Tank OS targets power users who want to run OpenClaw on their personal machines, as well as IT professionals overseeing large fleets of corporate OpenClaw agents. The tool makes OpenClaw safer and easier to maintain at scale. A growing number of individuals, companies, and startups are already developing better ways to work with OpenClaw—an open source project that installs an AI agent on a local computer. Meanwhile, a rising cohort of startups is building competing claw alternatives, such as NanoClaw, which they claim are more secure. What sets O’Malley’s project apart is her role as an OpenClaw maintainer. This means she is among the select software engineers collaborating with creator Peter Steinberger to decide which features and bugs receive attention. Her focus is on improving OpenClaw for enterprise use and ensuring compatibility with Red Hat’s various Linux operating system flavors. (Although Steinberger was hired by OpenAI, he continues to lead the independent open source OpenClaw project.)

EMBED_PLACEHOLDER_0

O’Malley joined OpenClaw because she sees it as a way to “enable everyone to run AI in a safe way, that’s open,” she said. However, she began contemplating what would happen when OpenClaw infiltrates an enterprise environment and decided to build a tool for that scenario. She started with an open source container tool called Podman, created by a Red Hat colleague. Containers allow apps to run separately from the underlying computer, bundling everything the app needs to operate. For instance, they can run a Linux app on a Windows or Mac machine. Podman is particularly secure because it is “rootless,” meaning it grants containers no privileges from the host machine, according to Red Hat. Tank OS loads OpenClaw onto Red Hat’s Fedora Linux OS within a Podman container and turns that container into a bootable image, so it runs and launches OpenClaw when the computer starts. Her tool includes everything needed for OpenClaw to function without human oversight, such as state (allowing it to remember), the ability to store API keys (credentials for accessing subscriptions and services), and other features. Users can run multiple Tank OS instances on a single machine to handle different tasks, keeping passwords and credentials separate, and no OpenClaw instance can access anything else on the computer.

EMBED_PLACEHOLDER_1

While O’Malley acknowledges that the OpenClaw project is working to make the agent safer, she notes that “it’s an incredibly powerful application,” but it can also be “dangerous” if not configured correctly. “It’s not a tool that you can use easily unless you do have some sort of technical experience,” she said. There are numerous stories, such as the Meta AI security researcher whose Claw began deleting all of her work emails, or an agent that downloaded a user’s entire WhatsApp direct messages in plain text. Additionally, a growing number of malware strains target OpenClaw users. To be clear, Tank OS is not designed for techno novices either, she says. Users must be comfortable installing and maintaining software on their computers. Tank OS is also not the only OpenClaw implementation using containers. For example, NanoClaw is pursuing a similar approach with Docker, a well-known container company. However, Tank OS is intended to be especially useful for IT professionals—Red Hat’s primary customers—who may eventually manage fleets of OpenClaw agents on corporate computers. It allows them to update agents using the same methods they already use for other containers. “My role within OpenClaw is really my interest in it,” O’Malley said. “How it’s going to look scaled out when there are millions of these autonomous agents talking to one another.”