OpenClaw is everywhere. 180K+ GitHub stars. Baidu integrated it. Elon Musk tweeted about it.
But if you're a security professional, it's terrifying:
- 512 vulnerabilities disclosed (8 critical)
- One-click remote code execution via malicious links
- 230+ malicious skills uploaded to ClawHub
- Gateway binds 0.0.0.0 by default — 30,000+ instances exposed
- Credentials and memories stored in plaintext
- No skill signing — anyone can upload anything
This matters because personal AI agents aren't chatbots. They have access to your filesystem, your email, your credentials, your shell. An insecure agent is an open door.
What I Built
I'm a security engineer with 15+ years in the industry. I built Gulama with one principle: security isn't a feature you add later — it's the foundation you build on.
15+ Security Mechanisms
| Mechanism | What it does |
|---|---|
| AES-256-GCM encryption | All credentials and memories encrypted at rest |
| Sandboxed execution | Every tool runs in bubblewrap/Docker sandbox |
| Ed25519-signed skills | No unsigned code runs, ever |
| Policy engine | Cedar-inspired deterministic authorization |
| Canary tokens | Prompt injection detection |
| Egress filtering + DLP | Prevents data exfiltration |
| Loopback binding | Gateway binds 127.0.0.1 ONLY |
| Hash-chain audit | Tamper-proof cryptographic audit trail |
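To make the "hash-chain audit" row concrete, here is an added example (my own illustration, not Gulama's code; the `HashChainAudit` class, the key and the event fields are all constructed for the demo) of a keyed hash chain: each entry's HMAC covers the previous entry's HMAC, so editing, deleting or reordering any entry breaks every later link and `verify()` reports where.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List, Optional

GENESIS = "0" * 64  # prev-MAC of the first entry

def _entry_mac(key: bytes, seq: int, prev: str, event: Dict[str, Any]) -> str:
    # Canonical JSON (sorted keys, no whitespace) so equal events always MAC equally.
    payload = json.dumps({"seq": seq, "prev": prev, "event": event},
                         sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

class HashChainAudit:
    """Append-only audit log; each entry binds the previous entry's MAC."""

    def __init__(self, key: bytes) -> None:
        # Keep the key outside the log's own storage: someone who can edit the
        # log file but lacks the key cannot recompute a consistent chain.
        self._key = key
        self.entries: List[Dict[str, Any]] = []

    def append(self, event: Dict[str, Any]) -> str:
        seq = len(self.entries)
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        mac = _entry_mac(self._key, seq, prev, event)
        self.entries.append({"seq": seq, "prev": prev, "event": event, "mac": mac})
        return mac

    def verify(self) -> Optional[int]:
        """Return the index of the first broken entry, or None if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev:
                return i  # an entry was removed or reordered
            if not hmac.compare_digest(_entry_mac(self._key, i, prev, e["event"]), e["mac"]):
                return i  # entry content was edited
            prev = e["mac"]
        return None

def demo_tamper_detection() -> Optional[int]:
    log = HashChainAudit(key=b"constructed-demo-key")  # constructed, not a real secret
    log.append({"tool": "shell", "cmd": "ls ~/projects", "decision": "allow"})
    log.append({"tool": "email", "action": "send", "decision": "deny"})
    log.append({"tool": "files", "path": "~/.ssh/config", "decision": "deny"})
    assert log.verify() is None
    log.entries[1]["event"]["decision"] = "allow"  # rewrite a denied action as allowed
    return log.verify()  # → 1
```

One caveat the chain alone does not cover: dropping entries from the tail leaves a shorter but still valid chain, so the latest MAC also needs to be stored (or published) somewhere the log writer cannot reach.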
But Also a Real Agent
Gulama isn't just a security demo. It's a full-featured personal AI agent:
- 100+ LLM providers via LiteLLM — Anthropic, OpenAI, DeepSeek, Groq, Ollama (free/local), and more
- 19 built-in skills — files, shell, web, browser, email, calendar, GitHub, Notion, Spotify, voice, MCP bridge
- 10 communication channels — CLI, Telegram, Discord, Slack, WhatsApp, Matrix, Teams, Google Chat, Web UI, Voice Wake
- Full MCP support — both server and client
- Multi-agent orchestration — spawn background sub-agents
- RAG-powered memory — ChromaDB vector search
- Self-modifying — the agent writes its own new skills at runtime (sandboxed)
- 5 autonomy levels — from "ask before everything" to full autopilot
Side-by-Side: Gulama vs OpenClaw
| Feature | Gulama | OpenClaw |
|---|---|---|
| Security mechanisms | 15+ built into core | ~0 |
| Memory encryption | AES-256-GCM | None (plaintext) |
| Skill signing | Ed25519 mandatory | None |
| Sandbox | bubblewrap/Docker | Container-only |
| Prompt injection defense | Canary tokens | None |
| MCP support | Full server + client | None |
| Multi-agent | Background sub-agents | None |
| LLM providers | 100+ via LiteLLM | ~5 |
| Communication channels | 10 | CLI-focused |
Try It
```bash
pip install gulama
gulama setup
gulama chat
```
That's it. 60 seconds to a secure AI agent.
Links
- GitHub: github.com/san-techie21/gulama-bot
- PyPI: pypi.org/project/gulama
- License: MIT
Security shouldn't be an afterthought. Especially when the agent has access to your files, emails, and credentials.
Happy to answer questions in the comments!