PocketClawAI security alerts
Sign in
reference

Glossary.

50 terms you'll meet again and again working with self-hosted AI agents. Concise definitions with cross-references.

A

AI agent

Software that uses one or more language models to autonomously plan and execute multi-step tasks via tool calls.

Air-gap

Deployment with no network connection to untrusted networks — typically no internet access at all.

Approval flow

UI pattern requiring human confirmation before an agent's tool call executes.

B

BYOK (Bring Your Own Key)

Pricing pattern where a user supplies their own LLM API keys to a self-hosted or managed agent.

C

Caddy

Reverse proxy server with automatic HTTPS via Let's Encrypt. The easiest path to TLS on a self-hosted setup.

Cloudflare Workers

Edge serverless runtime running V8 isolates across 330+ Cloudflare data centres.

CVE-2026-25253

Critical 1-click remote code execution vulnerability in OpenClaw versions before 2026.2.10. CVSS 9.6.

D

Data residency

Regulatory or contractual requirement that data not leave a defined geographic or organisational boundary.

Docker Compose

Tool for defining and running multi-container Docker applications via a single YAML file.

Docker sandbox

Sandbox using a Docker container with filesystem mount and network policy controls.

E

Edge AI

AI workloads running close to where data is generated rather than in centralised cloud datacenters.

Embeddings

Numerical vector representations of text, images, or audio that capture semantic similarity.

EU AI Act

EU regulation classifying AI systems by risk level and imposing obligations on high-risk deployments.

G

GDPR

EU regulation governing personal data processing. Applies to most consumer-facing AI deployments touching EU users.

GGUF

File format for storing quantised LLM weights, used by llama.cpp and Ollama.

gVisor

User-space kernel that runs as a sandbox layer between containers and the host kernel.

H

Hermes Agent

Open-source self-hosted AI agent from Nous Research, released February 2026. Sandboxed by default, multi-LLM.

Hetzner

German VPS and dedicated server provider. The cheapest credible EU option for self-hosting in 2026.

I

IronClaw

Enterprise-grade self-hosted AI agent with gVisor sandboxing, RBAC and audit logging. Source-available.

L

Llama

Meta's family of open-weight large language models. Llama 3.3 70B is the leading open frontier model in 2026.

llama.cpp

C++ inference engine for LLMs. The runtime under most local-LLM setups, including Ollama.

Local LLM

Language model running on local hardware rather than via cloud API. Llama, Qwen, Mistral local variants.

M

Magic link

Passwordless authentication where the user clicks a one-time link sent to their email.

MCP (Model Context Protocol)

Open standard for connecting language models to external tools and data sources via a JSON-RPC interface.

MCP server

Process that exposes a set of tools to MCP-compatible AI agents over a JSON-RPC interface.

Mistral

European LLM developer. Mistral 7B is the canonical small open-weight model; Mistral Small 22B targets the mid-tier.

Moltworker

Cloudflare Workers-based self-hosted AI agent reference implementation.

N

Nanobot

4,000-line Python self-hosted AI agent from HKU. Designed to be auditable in an afternoon.

NanoClaw

macOS-only fork of OpenClaw using Apple's container framework for sandboxing. Claude-only.

O

Ollama

Local LLM runtime that exposes an OpenAI-compatible API over local model weights.

OpenClaw

Open-source autonomous AI agent created by Peter Steinberger in November 2025. Most-installed self-hosted agent of 2026.

OpenRouter

LLM API gateway providing a unified interface across Anthropic, OpenAI, Google, Mistral and many open models.

P

Phi-3

Microsoft's small-language-model family. Phi-3 mini 3.8B runs on a Raspberry Pi 5.

Pocket AI

Self-hosted AI agents and language models running on portable, low-power hardware you own.

Prompt injection

Attack technique where adversarial input embedded in a document or webpage hijacks an agent's behaviour.

Q

Quantisation

Reducing the numerical precision of model weights to shrink memory footprint and speed up inference, with quality tradeoff.

Qwen

Alibaba's open-weight LLM family. Qwen 2.5 Coder 7B is widely used for self-hosted code-focused agents.

R

RAG (Retrieval-Augmented Generation)

Pattern of augmenting LLM responses with retrieved external data, typically from a vector database.

RCE (Remote Code Execution)

Vulnerability class where an attacker can execute arbitrary code on a target system over a network.

S

Sandbox

Isolation layer that constrains what an agent's tool execution can access on the host.

Sandboxed tool execution

Running an agent's tool calls inside an isolated environment that limits filesystem, network and process access.

Self-hosted AI

AI software you install on hardware you control, rather than consuming as a hosted product.

T

Tailscale

Mesh VPN built on WireGuard. Common pattern for keeping self-hosted dashboards off the public internet.

Tool call

Structured invocation of an external function by a language model, typically as JSON conforming to a declared schema.

V

Vector database

Database optimised for similarity search over high-dimensional embeddings.

VPS

Virtual private server — a virtualised slice of a physical server, typically rented by the month.

W

Watchtower

Container that watches running containers and pulls/redeploys when new images ship.

WebSocket origin validation

Server-side check that an incoming WebSocket connection comes from an allowed origin domain.

Z

Zero trust

Security architecture that assumes no implicit trust and verifies every access request.

ZeroClaw

Privacy-first self-hosted AI agent. Local LLMs only, no cloud, AGPL-3.0.

also on PocketClaw

More AI security tools

AI agents trackerOpenClaw, Hermes, Nanobot…AI CVE trackerevery disclosed vulnerabilityAI hardwarehosts we benchmarkedAI providersOpenRouter, Anthropic, OpenAI…AI guideslong-form audits + playbooksAI comparisonsside-by-side breakdowns