IronClaw is an open-source AI assistant built in Rust that prioritizes user privacy through isolated WebAssembly sandboxes. The project, inspired by OpenClaw, has gained 663 stars on GitHub and implements multiple security layers including credential protection and prompt injection defense. It runs entirely locally with encrypted data storage.

Key features include a WASM Sandbox for untrusted tools with capability-based permissions, endpoint allowlisting, and leak detection. The system supports multiple channels including REPL, HTTP webhooks, Telegram, Slack, and a browser-based web gateway with real-time streaming. IronClaw also offers self-expanding capabilities where users can dynamically build new tools on the fly without vendor dependencies.

Installation requires Rust 1.85+, PostgreSQL 15+ with pgvector extension, and NEAR AI authentication. The setup wizard handles database configuration and secrets encryption using the system keychain. The architecture employs defense in depth with pattern-based prompt injection detection, content sanitization, and full audit logging of all tool executions. IronClaw represents a significant step toward trustworthy AI assistants that keep user data private while maintaining powerful functionality.