HeadlinesBriefing.com

OpenClaw Security: Bridging AI Agents and Legacy System Risks

Hacker News

OpenClaw faces scrutiny for reviving MS-DOS-era security flaws in modern AI agents. The project’s approach mirrors 1980s systems where programs operated with unrestricted kernel access, akin to Walmart’s 2000s POS devices running on MS-DOS with shared passwords. The author recalls a drunken IT consultant bragging about Walmart’s insecure DOS-based infrastructure, where customer payment data was exposed. This historical parallel underscores the dangers of gateways that grant AI models unchecked system privileges, echoing the chaos of early computing.

NVIDIA responded with a NemoClaw tutorial for deploying OpenClaw on DGX Spark, emphasizing runtime control. Steps include binding Ollama to 0.0.0.0 (all interfaces rather than loopback only) so it is reachable across namespaces, verifying installer signatures with SSH keys, and preloading models into GPU memory. The guide addresses security by isolating agents in containers, though critics argue this merely “wraps” a legacy design rather than rethinking the architecture.

A competing project, Wirken, takes a stricter approach. It runs agents as host processes on isolated channels, each protected by its own Ed25519 key. High-risk commands trigger tiered approvals, while inference stays confined to loopback. Shell execution occurs in hardened Docker containers with read-only filesystems and ephemeral tmpfs mounts. Audit logs hash-chain every action, giving tamper-evident records.
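To make the contrast between the two summaries concrete, here is an added example in Go (not code from NemoClaw, Wirken, the NVIDIA guide or the article) of a small runtime gate that enforces two of the controls attributed to Wirken: a preflight check that refuses an inference bind address unless it is loopback (so the 0.0.0.0 bind from the NemoClaw steps would be rejected), and a tiered approval check for shell commands that counts distinct approvers. The verb tables, the approver names, and the use of port 11434 (Ollama's default) are assumptions, not anything the projects specify.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// ApprovalTier is the level of human sign-off a command needs before it runs.
type ApprovalTier int

const (
	TierAuto   ApprovalTier = iota // low risk: no human in the loop
	TierReview                     // medium risk: one operator approval
	TierDual                       // high risk: two distinct approvers
)

func (t ApprovalTier) String() string {
	switch t {
	case TierAuto:
		return "auto"
	case TierReview:
		return "review"
	case TierDual:
		return "dual-approval"
	}
	return "unknown"
}

// Required is the number of distinct approvals the tier demands.
func (t ApprovalTier) Required() int { return int(t) }

// CheckInferenceBind accepts only loopback bind addresses for the model server.
// 0.0.0.0 / :: (all interfaces) and any routable address are refused, because a
// model endpoint reachable off-host widens what the agent's network can touch.
func CheckInferenceBind(hostport string) error {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil {
		return fmt.Errorf("bad bind address %q: %w", hostport, err)
	}
	if host == "localhost" {
		return nil
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return fmt.Errorf("bind host %q is not an IP literal", host)
	}
	if ip.IsUnspecified() {
		return errors.New("inference bound to all interfaces (0.0.0.0 or ::): reachable beyond loopback")
	}
	if !ip.IsLoopback() {
		return fmt.Errorf("inference bound to non-loopback address %s", ip)
	}
	return nil
}

// ClassifyCommand maps a shell command line to an approval tier. The verb
// tables are a constructed example; a real gateway would load them from policy.
func ClassifyCommand(cmd string) ApprovalTier {
	fields := strings.Fields(cmd)
	if len(fields) == 0 {
		return TierAuto
	}
	dual := map[string]bool{"rm": true, "dd": true, "mkfs": true, "curl": true, "wget": true, "ssh": true, "sudo": true}
	review := map[string]bool{"mv": true, "chmod": true, "chown": true, "git": true, "pip": true, "npm": true}
	verb := fields[0]
	tier := TierAuto
	switch {
	case dual[verb]:
		tier = TierDual
	case review[verb]:
		tier = TierReview
	}
	// A pipe, chain, redirection or subshell can hide a second command behind a
	// harmless-looking verb, so any of them raises the tier one step (capped at dual).
	if (strings.ContainsAny(cmd, "|;&>`") || strings.Contains(cmd, "$(")) && tier < TierDual {
		tier++
	}
	return tier
}

// Authorize checks that a command carries the distinct approvals its tier needs.
func Authorize(cmd string, approvers []string) (ApprovalTier, error) {
	tier := ClassifyCommand(cmd)
	distinct := map[string]bool{}
	for _, a := range approvers {
		distinct[a] = true
	}
	if len(distinct) < tier.Required() {
		return tier, fmt.Errorf("%q needs %d approval(s) [%s], got %d distinct", cmd, tier.Required(), tier, len(distinct))
	}
	return tier, nil
}

func main() {
	for _, addr := range []string{"0.0.0.0:11434", "127.0.0.1:11434"} { // 11434: Ollama's default port
		fmt.Printf("%-16s %v\n", addr, CheckInferenceBind(addr))
	}
	for _, c := range []string{"ls -la /workspace", "git pull", "rm -rf /workspace/build", "cat notes.txt | sh"} {
		tier, err := Authorize(c, []string{"alice"})
		fmt.Printf("%-26s tier=%-13s err=%v\n", c, tier, err)
	}
}
```

The bind check is the interesting half for the NemoClaw steps: a `0.0.0.0` listen is correct for cross-namespace reachability but also reachable from anything else that can route to the host, so a gate like this makes the choice explicit rather than a side effect of an install script. The approver count deduplicates names so that one operator cannot satisfy a two-person tier by approving twice.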

The technical debate centers on whether security should envelop the entire agent (NemoClaw) or compartmentalize it (Wirken). Both aim to prevent the “single token” vulnerabilities of legacy systems, but Wirken’s granular controls and attestation chains offer a more robust blueprint for trustless AI deployment.
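The hash-chained, per-channel Ed25519 audit log the summary describes for Wirken, written out as an added example in Go using only the standard library (this is not Wirken's code; the record layout, the channel names and the logged actions are constructed for the demonstration). Each record commits to the SHA-256 of its predecessor and is signed by the key registered for its channel, so editing, reordering or deleting an earlier record breaks every later link, and a record signed by the wrong channel's key fails verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Entry is one audit record. PrevHash links it to the record before it.
type Entry struct {
	Seq       uint64 `json:"seq"`
	Channel   string `json:"channel"`
	Action    string `json:"action"`
	PrevHash  string `json:"prev_hash"`
	Hash      string `json:"hash,omitempty"`      // cleared before hashing
	Signature string `json:"signature,omitempty"` // cleared before hashing
}

// digest hashes the canonical JSON of the entry with Hash and Signature blanked.
func digest(e Entry) []byte {
	e.Hash, e.Signature = "", ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return sum[:]
}

var genesis = hex.EncodeToString(make([]byte, 32)) // link value for the first record

// AuditLog is an append-only chain with one verification key per channel.
type AuditLog struct {
	Entries []Entry
	keys    map[string]ed25519.PublicKey
}

func NewAuditLog() *AuditLog { return &AuditLog{keys: map[string]ed25519.PublicKey{}} }

// NewChannelKey generates a fresh Ed25519 key pair for a channel.
func NewChannelKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // rand.Reader failure is not recoverable here
	}
	return pub, priv
}

// Register binds a channel name to the public key allowed to sign for it.
func (l *AuditLog) Register(channel string, pub ed25519.PublicKey) { l.keys[channel] = pub }

// Append records an action, linking it to the previous record and signing the digest.
func (l *AuditLog) Append(channel, action string, priv ed25519.PrivateKey) (Entry, error) {
	pub, ok := l.keys[channel]
	if !ok || !pub.Equal(priv.Public()) {
		return Entry{}, fmt.Errorf("channel %q: key not registered or does not match", channel)
	}
	prev := genesis
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := Entry{Seq: uint64(len(l.Entries)), Channel: channel, Action: action, PrevHash: prev}
	d := digest(e)
	e.Hash = hex.EncodeToString(d)
	e.Signature = hex.EncodeToString(ed25519.Sign(priv, d))
	l.Entries = append(l.Entries, e)
	return e, nil
}

// Verify walks the chain from genesis, checking sequence, link, digest and signature.
func (l *AuditLog) Verify() error {
	prev := genesis
	for i, e := range l.Entries {
		if e.Seq != uint64(i) {
			return fmt.Errorf("entry %d: sequence gap (got %d)", i, e.Seq)
		}
		if e.PrevHash != prev {
			return fmt.Errorf("entry %d: broken link to previous record", i)
		}
		d := digest(e)
		if hex.EncodeToString(d) != e.Hash {
			return fmt.Errorf("entry %d: content hash mismatch", i)
		}
		pub, ok := l.keys[e.Channel]
		sig, err := hex.DecodeString(e.Signature)
		if !ok || err != nil || !ed25519.Verify(pub, d, sig) {
			return fmt.Errorf("entry %d: bad signature for channel %q", i, e.Channel)
		}
		prev = e.Hash
	}
	return nil
}

// Demo builds a two-channel log, verifies it, rewrites one record in place,
// and verifies again; it returns both results so the outcome can be checked.
func Demo() (clean, tampered error) {
	al := NewAuditLog()
	planPub, planPriv := NewChannelKey()
	shellPub, shellPriv := NewChannelKey()
	al.Register("planner", planPub)
	al.Register("shell", shellPub)
	al.Append("planner", "propose: list workspace", planPriv)
	al.Append("shell", "exec: ls -la /workspace", shellPriv)
	al.Append("shell", "exec: cat README.md", shellPriv)
	clean = al.Verify()
	al.Entries[1].Action = "exec: (record rewritten after the fact)"
	tampered = al.Verify()
	return clean, tampered
}

func main() {
	clean, tampered := Demo()
	fmt.Println("intact chain:", clean)
	fmt.Println("after edit:  ", tampered)
}
```

One caveat worth keeping in mind when reading "tamper-proof" claims: a hash chain on its own detects edits, reordering and deletion in the middle, but not truncation from the tail, since a chain that simply stops is still internally consistent. Catching that needs the latest hash anchored somewhere the agent cannot rewrite, which is the role an external attestation chain of the kind the comparison mentions would play.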