A community-driven registry for Claude, Cursor, Windsurf, Cline & more. Not affiliated with Anthropic.
Are you the author? Sign in to claim
A secure, stable Rust alternative to openclaw/moltbot/clawdbot
Stable release available. Carapace is ready for real use on its verified stable paths; partial and in-progress areas are called out explicitly in the docs.
A security-focused, open-source personal AI assistant. Runs on your machine. Works through Matrix, Signal, Telegram, Discord, Slack, webhooks, and console. Supports Anthropic, OpenAI, Codex, Ollama, Gemini, Vertex AI, Bedrock, NEAR AI Cloud, Venice AI, and local Claude CLI. Extensible via WASM plugins and guarded filesystem tools. Written in Rust.
A hardened alternative to openclaw / clawdbot — for when your assistant needs a hard shell.
Carapace is designed to address the major vulnerability classes reported in the January 2026 openclaw security disclosures:
| Threat | Carapace defense |
|---|---|
| Unauthenticated access | Denied by default when credentials configured; CSRF-protected control endpoints |
| Exposed network ports | Localhost-only binding (127.0.0.1) |
| Plaintext secret storage | OS credential store (Keychain / Keyutils / Credential Manager) with AES-256-GCM fallback |
| Skills supply chain | Ed25519 signatures + WASM capability sandbox + resource limits |
| Prompt injection | Prompt guard + inbound classifier + exec approval flow + tool policies |
| No process sandboxing | OS-level subprocess sandboxing on macOS/Linux/Windows for sandbox-required paths; unsupported paths fail closed |
| SSRF / DNS rebinding | Private IP blocking + post-resolution validation |
See docs/security.md for the full security model. See docs/security-comparison.md for a threat-by-threat comparison with OpenClaw. See docs/feature-status.yaml and docs/feature-evidence.yaml for verified-vs-partial implementation status.
cara from the latest release (Linux/macOS/Windows):
cara setup
cara
cara verify --outcome auto --port 18789
cara chat
Use /help in chat for REPL commands (/new, /exit, /quit).
If you use cloud models, finish one provider onboarding path before launching:
set one provider key (for example ANTHROPIC_API_KEY, OPENAI_API_KEY,
GOOGLE_API_KEY, NEARAI_API_KEY, or VENICE_API_KEY), use Codex sign-in through
cara setup --provider codex or the Control UI, or use Gemini Google sign-in
through cara setup --provider gemini --auth-mode oauth or the Control UI.
Codex and Gemini Google sign-in both require CARAPACE_CONFIG_PASSWORD so the
stored auth profile stays encrypted at rest.
Models are routed explicitly with provider:model strings such as
anthropic:claude-sonnet-4-6, openai:gpt-5.5,
gemini:gemini-2.5-flash, nearai:google/gemma-4-31B-it,
ollama:llama3.2, or codex:default.
If you are not sure where to start, choose local-chat as your first outcome,
start with one provider, and add channels only after cara verify --outcome auto
passes.
If you want Cara to inspect one local project directory, enable the
filesystem block for a single workspace root and start with the
guarded local project assistant recipe.
Active and planned work is tracked on GitHub Issues. The feature inventory is the source of truth for what currently ships.
Recently shipped highlights are tracked on the GitHub Releases page.
If you want to build from source or contribute, start here:
Apache-2.0 — see LICENSE.
干净、强大、属于你的 AI Agent 平台 --AI agents, without the clutter.
Pocket Flow: Codebase to Tutorial
A Comprehensive Benchmark to Evaluate LLMs as Agents (ICLR'24)
💻 A curated list of papers and resources for multi-modal Graphical User Interface (GUI) agents.