Red Hat’s OpenClaw Maintainer has made enterprise Claw deployments more secure

On Tuesday, Red Hat principal software engineer Sally O’Malley released a new open source tool called Tank OS to make it easier and more secure to deploy and manage OpenClaw clients.

“This was a fun project that I put together over the weekend and I knew it would be a really good fit for AI and where we were going,” she told TechCrunch, adding that she wanted to bring it “to the masses.”

Tank OS is geared toward power users looking to run OpenClaw on their PCs and toward IT professionals who manage fleets of OpenClaw agents for businesses. It makes OpenClaw more secure and easier to maintain en masse.

Countless people, companies, and startups are already coming up with better ways to work with OpenClaw, an open source project that installs an AI agent on a local computer. There are also a growing number of startups building competing claw alternatives that they say are safer (like NanoClaw).

What makes O’Malley’s project notable is that she is an OpenClaw maintainer. This means that she is among the selected software engineers who work with creator Peter Steinberger to determine which features and bugs to work on. In its case, it’s focused on making OpenClaw work better in enterprise use cases, and with Red Hat’s various flavors of Linux. (While Steinberger was hired by OpenAI, he still leads the independent open source project OpenClaw.)

O’Malley joined OpenClaw because she sees it as “empowering everyone to run AI in a way that’s safe, and that’s open.”

But she thought about what would happen when OpenClaw invaded an organization, and decided to build a tool to address that possibility. She started using an open source container tool called Podman, created by a colleague at Red Hat. Containers are a way to run applications separately from the main computer, while bundling everything the application needs to run together. They can run a Linux application on a Windows or Mac machine, for example.

Podman is a particularly secure way to do this because it is “rootless,” meaning it doesn’t grant containers any privileges from the underlying machine, Red Hat says.

Tank OS loads OpenClaw on Red Hat’s Fedora Linux operating system into a Podman container and makes that container a bootable image, meaning that OpenClaw will be up and running when the computer starts.

Her tool includes everything needed to make OpenClaw useful without human supervision, such as state (the part that allows it to remember); The ability to store API keys (credentials for accessing subscriptions and services); And other features.

Users can run multiple instances of Tank OS on a machine to do different tasks, do not share passwords or credentials between them, and no OpenClaw instance can access anything else running on the computer.

While O’Malley knows the OpenClaw project is working to make the proxy more secure, she says it’s an “incredibly powerful application,” but it can also be “dangerous” if not configured properly. “It’s not a tool you can use easily unless you have some sort of technical experience,” she said.

Stories abound, like the Meta AI security researcher whose Claw started deleting all her work emails, or the agent who downloaded all of a user’s direct WhatsApp messages in plain text. There is also a growing range of malware targeting OpenClaw users.

Tank OS is definitely not for tech newbies, either, she says. “You should be comfortable installing and maintaining software on your computer,” she says. Tank OS is also not the only OpenClaw implementation that runs in containers. For example, NanoClaw does something similar with the well-known container company Docker.

But Tank OS is intended to be especially useful for IT pros (aka key Red Hat customers) who may one day be running fleets of OpenClaw agents on corporate computers. It allows them to update agents in the same way they already manage other containers.

“My role within OpenClaw is actually my interest in it,” O’Malley said. “What will it look like at scale when there are millions of these independent agents talking to each other?”