# PocketClaw

> Independent publication on self-hosted AI agents. Hardware reviews, agent comparisons, security advisories. Updated weekly.

PocketClaw covers the practice of running AI on hardware you own — Raspberry Pi, mini PCs, Apple Silicon, edge devices — with self-hosted agents like OpenClaw, Hermes Agent, Nanobot, NanoClaw, IronClaw, ZeroClaw and Moltworker. We test, audit, and write the guides we wish existed when we were starting out.

## Core guides

- [OpenClaw security crisis 2026: what you need to know](https://pocketclaw.dev/guides/openclaw-security-crisis-2026): OpenClaw shipped a one-click RCE in January 2026. ~1000 public installations were running without auth. Here's what happened, what's exposed, and what to do.
- [5 best OpenClaw alternatives in 2026 (tested and ranked)](https://pocketclaw.dev/guides/openclaw-alternatives-2026): Hermes Agent, Nanobot, NanoClaw, IronClaw, ZeroClaw — installed, broken, fixed. Honest comparison of the top OpenClaw alternatives, ranked by what actually works in production.
- [How to migrate from OpenClaw to Hermes Agent: step-by-step](https://pocketclaw.dev/guides/migrate-openclaw-to-hermes): Concrete migration guide from OpenClaw to Hermes Agent. Export your config, port your tools, rewire your dashboard, decommission the old install.
- [The complete OpenClaw timeline (Nov 2025 → Apr 2026): from weekend project to 135K installs to security crisis](https://pocketclaw.dev/guides/openclaw-complete-history): Long-form history of OpenClaw — Peter Steinberger's autonomous AI agent. Origin, viral growth, technical architecture, the move to OpenAI, the security collapse, and what it means for self-hosted AI in 2026.
- [Self-hosted AI agents in 2026 — the complete landscape report](https://pocketclaw.dev/guides/self-hosted-ai-landscape-2026): Comprehensive landscape report on self-hosted AI agents in 2026: ecosystem map, vendor analysis, security posture, hosting economics, model integrations and the regulatory environment. Covers OpenClaw, Hermes, Nanobot, NanoClaw, IronClaw, ZeroClaw, Moltworker and the wider category.
- [Pocket AI 2026 — the complete guide to running self-hosted AI on portable hardware](https://pocketclaw.dev/guides/pocket-ai-complete-guide): The reference guide on Pocket AI: running self-hosted AI agents and local LLMs on Raspberry Pi, Mac Mini, mini PCs, Framework laptops and edge devices. Hardware comparison, agent compatibility, real-world benchmarks, and the manifesto.
- [Edge AI hardware buyer's guide 2026 — Raspberry Pi 5 vs Mini PC vs Mac Mini vs Framework](https://pocketclaw.dev/guides/edge-ai-hardware-2026): Honest hands-on hardware buyer's guide for self-hosted AI agents in 2026. Raspberry Pi 5, Intel NUC and clones, Mac Mini M4, Framework Laptop, Orange Pi 5 Plus — real benchmarks, real bills, concrete recommendations by budget.
- [Local LLMs in 2026 — the complete benchmark report on portable hardware](https://pocketclaw.dev/guides/local-llms-benchmark-2026): Real-world benchmarks of Llama 3.3 70B, Qwen 2.5 72B, Mistral 7B, Llama 3 8B and Phi-3 mini across Raspberry Pi 5, Intel mini PCs, Apple Silicon Mac Mini, and Mac Studio. Tokens-per-second, agentic task pass rates, power and cost economics.
- [Self-hosted AI security playbook 2026 — the practical operator's guide](https://pocketclaw.dev/guides/self-hosted-ai-security-playbook-2026): Practical security playbook for self-hosted AI agent operators in 2026. Threat model, sandbox setup, credential storage, network isolation, monitoring, incident response. Step-by-step, post-OpenClaw-crisis.
- [How to choose a self-hosted AI agent in 2026 — a decision tree](https://pocketclaw.dev/guides/how-to-choose-self-hosted-ai-agent-2026): Pick the right self-hosted AI agent in 2026 with a six-question decision tree. Covers OpenClaw, Hermes Agent, Nanobot, NanoClaw, IronClaw, ZeroClaw, Moltworker. Practical, vendor-agnostic, no-bullshit.
- [GDPR for self-hosted AI agents in 2026 — a practical compliance walkthrough](https://pocketclaw.dev/guides/gdpr-self-hosted-ai-2026): Practical GDPR compliance walkthrough for self-hosted AI agent operators. Lawful basis, data residency, sub-processor disclosure, DPIA triggers, breach notification. Plain language. Not legal advice.

## Tracked agents

- [OpenClaw](https://pocketclaw.dev/agents/openclaw): The original viral self-hosted AI agent. Post-crisis 2026.4 line is genuinely safer; pre-2026.3 is genuinely dangerous.
- [Hermes Agent](https://pocketclaw.dev/agents/hermes-agent): Post-OpenClaw safe default. Docker-sandboxed by default, multi-LLM, opinionated. The agent we'd hand a colleague today.
- [Nanobot](https://pocketclaw.dev/agents/nanobot): 4,000-line Python agent designed to be auditable in an afternoon. Trust through verification.
- [NanoClaw](https://pocketclaw.dev/agents/nanoclaw): macOS-only opinionated fork. Apple containers + Claude. Sub-second boot.
- [IronClaw](https://pocketclaw.dev/agents/ironclaw): Enterprise zero-trust agent. gVisor + audit logs + RBAC + SAML. $750/seat/year.
- [ZeroClaw](https://pocketclaw.dev/agents/zeroclaw): Privacy-first. Local LLMs only. Network egress denied at iptables. AGPL-3.0.
- [Moltworker](https://pocketclaw.dev/agents/moltworker): Self-hosted AI agent on Cloudflare Workers. Free at low volume. Workers runtime constraints apply.
- [DeployHermes](https://pocketclaw.dev/agents/deployhermes): First managed-Hermes-Agent service. $19/month for a hosted Hermes deployment with dashboard, SSO and CVE monitoring.
- [NitroClaw](https://pocketclaw.dev/agents/nitroclaw): Managed self-hosted-AI hosting service starting at $20/month. Bundled AI credits. White-glove setup tier at $100/month.
- [ClawRift](https://pocketclaw.dev/agents/clawrift): Managed multi-channel hosting from $19/month. "Deploy in 60 seconds" pitch — Telegram, Discord, WhatsApp.
- [ClawGo](https://pocketclaw.dev/agents/clawgo): Self-serve managed agent deployment. Free tier (1 agent, 50 messages/day) + paid tiers from $9/month.
- [ZeroClaw Lite](https://pocketclaw.dev/agents/zeroclaw-lite): Stripped-down ZeroClaw fork for resource-constrained hosts. Phi-3 mini default, runs comfortably on a Pi 5.

## Tracked hardware

- [Raspberry Pi 5](https://pocketclaw.dev/pocket/raspberry-pi-5): The default starting point for pocket AI in 2026. 4–8 GB of LPDDR4X, ARM Cortex-A76, sub-€100, runs Hermes Agent (no browser tool) or Nanobot comfortably.
- [Intel NUC 13 / Mini PC](https://pocketclaw.dev/pocket/intel-nuc-13): Mini PCs at €300–600 with i5/i7 + 16–32 GB RAM. The sweet spot for self-hosted AI agents that need browser automation and decent local model performance.
- [Mac Mini M4 / M4 Pro](https://pocketclaw.dev/pocket/mac-mini-m4): The single best small-form-factor host for local LLMs in 2026. Apple Silicon unified memory makes 70B-class models tractable on a desk-sized machine.
- [Framework Laptop 13 / 16](https://pocketclaw.dev/pocket/framework-laptop): Repairable, modular laptop with strong Linux support. The right choice if you want a portable agent host that doubles as a daily driver.
- [Old Android phone (Moto E2 et al.)](https://pocketclaw.dev/pocket/moto-e2-2015): The PocketClaw origin story device. €15–30 used. Genuinely runs lightweight agents via Termux + proot, with serious caveats.
- [Raspberry Pi Zero 2 W](https://pocketclaw.dev/pocket/raspberry-pi-zero-2w): €20 SBC with 512 MB RAM. Useful as an edge agent endpoint (sensor reader, tool host) but not a primary agent host.
- [Geekom IT13 / generic Intel mini PC](https://pocketclaw.dev/pocket/geekom-mini-it13): Sub-€500 mini PC with i7-13620H, 32 GB RAM, 1 TB SSD. The pragmatic alternative to the Intel NUC.
- [Orange Pi 5 Plus](https://pocketclaw.dev/pocket/orange-pi-5-plus): Rockchip RK3588-based SBC with 4–32 GB RAM and an NPU. The Pi 5's most credible competitor for AI workloads on ARM.
- [Mac Studio M3 Ultra](https://pocketclaw.dev/pocket/mac-studio-m3-ultra): 192 GB unified memory ceiling. The local-LLM workstation. Llama 3.3 70B at 22 tok/s. €4,500+.
- [MacBook Air M3 / M4](https://pocketclaw.dev/pocket/macbook-air-m3): Fanless laptop with up to 24 GB unified memory. Runs Mistral 7B Q4 silently on the train. €1,299+.
- [Lenovo ThinkCentre M75q (used)](https://pocketclaw.dev/pocket/lenovo-thinkcentre-m75q): €150–250 used Ryzen mini PC. 16 GB RAM, NVMe slot, runs Hermes Agent comfortably. The budget winner.
- [Minisforum UM790 Pro](https://pocketclaw.dev/pocket/minisforum-um790-pro): Ryzen 9 7940HS mini PC. 32–64 GB RAM. The best Linux mini PC value at €700-900.
- [Khadas Edge2 Pro](https://pocketclaw.dev/pocket/khadas-edge2): Premium SBC with 16 GB RAM and the same RK3588 as Orange Pi 5 Plus. Better build, smaller community.
- [Dell OptiPlex 3070 / 5070 Micro (used)](https://pocketclaw.dev/pocket/dell-optiplex-3070): €100–180 used Intel mini PC. 8th gen i5, 8–16 GB RAM, NVMe. The cheapest credible mini PC for self-hosted AI.
- [Geekom Mini Air 12](https://pocketclaw.dev/pocket/geekom-mini-air-12): Sub-€300 fanless Intel N100 mini PC with 16 GB RAM. The silent always-on tier.

## Recent CVEs

- [CVE-2026-26701](https://pocketclaw.dev/cves/cve-2026-26701): Hermes Agent — sandbox escape via tool definition injection
- [CVE-2026-25898](https://pocketclaw.dev/cves/cve-2026-25898): OpenClaw — credential leak via verbose error logs
- [CVE-2026-22807](https://pocketclaw.dev/cves/cve-2026-22807): OpenClaw — prompt-injection-resistant audit log incomplete
- [CVE-2026-26330](https://pocketclaw.dev/cves/cve-2026-26330): NitroClaw — IDOR in admin dashboard tenant routing
- [CVE-2026-24112](https://pocketclaw.dev/cves/cve-2026-24112): IronClaw — XSS in audit log viewer
- [CVE-2026-23912](https://pocketclaw.dev/cves/cve-2026-23912): MCP protocol — tool description spoofing across implementations
- [CVE-2026-26044](https://pocketclaw.dev/cves/cve-2026-26044): NanoClaw — Apple container privilege escalation
- [CVE-2026-23501](https://pocketclaw.dev/cves/cve-2026-23501): Nanobot — log injection via unescaped tool output
- [CVE-2026-24891](https://pocketclaw.dev/cves/cve-2026-24891): OpenClaw — path traversal in file tool
- [CVE-2026-24447](https://pocketclaw.dev/cves/cve-2026-24447): ZeroClaw — local network scan via misconfigured iptables rule

## Sections

- [Live ecosystem dashboard](https://pocketclaw.dev/live)
- [Agents](https://pocketclaw.dev/agents)
- [Hardware (pocket AI)](https://pocketclaw.dev/pocket)
- [CVEs](https://pocketclaw.dev/cves)
- [Comparisons](https://pocketclaw.dev/compare)
- [Glossary](https://pocketclaw.dev/glossary)
- [Providers](https://pocketclaw.dev/providers)
- [Use cases](https://pocketclaw.dev/use-case)
- [Setup tutorials](https://pocketclaw.dev/setup)
- [Topics](https://pocketclaw.dev/topic)
- [Newsletter (weekly)](https://pocketclaw.dev/newsletter)

## About

Started 2025. Independent. Ad-free. EU-based. Editorial standards documented at https://pocketclaw.dev/methodology. Affiliate disclosures at https://pocketclaw.dev/disclosure.