ClamBot: AI Agent Runs LLM-Generated Code in WASM Sandbox for Security

What ClamBot Does
ClamBot is an AI agent framework that addresses a security concern with existing agent frameworks: it runs all LLM-generated code in a WebAssembly sandbox instead of using exec() or subprocess calls. The creator built it after trying frameworks that execute arbitrary code directly on the host machine, citing LangChain (which had a CVE for this approach), AutoGen (which shells out with subprocess), and SWE-Agent (which runs bash commands from the model).
Technical Implementation
ClamBot is built on top of amla-sandbox, a WASM sandbox that uses QuickJS in Wasmtime. The LLM writes JavaScript code that runs in a memory-isolated sandbox with zero network access. Every tool call (HTTP, filesystem, cron) must pass through an approval gate back in Python. No Docker or VM is required - it runs as one binary.
Key Features
- Sandbox Security: All code runs in WASM - cannot touch host memory or network
- Approval Gate: SHA-256 fingerprinted approval gate on every tool call with pre-approve patterns (e.g., "allow web_fetch for api.coinbase.com")
- Clam Reuse: Successful scripts get saved as "clams" and can be reused, reducing API costs for repeated requests
- Multi-Provider Support: OpenRouter, Anthropic, OpenAI, Gemini, DeepSeek, Groq, Ollama
- Telegram Integration: Telegram bot with inline approval buttons
- Additional Features: Persistent memory, cron scheduling, SSRF protection that blocks private IPs, secrets never appear in logs/tool args/traces
Example Workflow
User asks: "what are the top movers on binance?" The sandbox executes JavaScript → makes http_request to Binance API → goes through approval gate → returns result. The bot responds with the top 10 movers on Binance by 24h change.
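The approval gate from Key Features and the http_request step in the workflow above, as an added illustration that is not ClamBot's own code: every tool call is reduced to a SHA-256 fingerprint over the tool name and canonical JSON of its arguments, a pre-approve pattern of the form (tool, host) short-circuits the human prompt, a call with changed arguments gets a fresh fingerprint and must be approved again, secret-looking argument values are masked before they reach the log, and an SSRF check on the URL host refuses private, loopback and link-local targets before the gate is even consulted. The names ApprovalGate, fingerprint, redact and is_private_host are assumptions for this example, and the SSRF check only inspects IP literals and "localhost" (a real gate would also resolve DNS and check every returned address).

```python
import hashlib
import ipaddress
import json
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Illustrative only: these names are assumptions, not ClamBot's API.
SECRET_KEYS = {"api_key", "authorization", "token", "password"}


def fingerprint(tool: str, args: dict) -> str:
    """Stable SHA-256 over the tool name and canonical JSON of its arguments.
    Key order does not matter, so the same call always yields the same digest."""
    canon = json.dumps({"tool": tool, "args": args}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def redact(args: dict) -> dict:
    """Copy of the arguments with secret-looking values masked for logs and traces."""
    return {k: ("***" if k.lower() in SECRET_KEYS else v) for k, v in args.items()}


def is_private_host(host: str) -> bool:
    """SSRF check on a URL host. Assumption: only IP literals and 'localhost' are
    judged here; hostnames would need DNS resolution (skipped in this example)."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # plain hostname: cannot judge without resolving it
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_unspecified)


@dataclass
class ApprovalGate:
    preapproved: set = field(default_factory=set)  # (tool, host) patterns
    approved: set = field(default_factory=set)     # fingerprints a human said yes to
    log: list = field(default_factory=list)        # redacted audit trail

    def allow(self, tool: str, host: str) -> None:
        """Pre-approve pattern, e.g. allow("web_fetch", "api.coinbase.com")."""
        self.preapproved.add((tool, host))

    def check(self, tool: str, args: dict) -> tuple:
        """Return ("allow" | "deny" | "ask", fingerprint) for one tool call."""
        fp = fingerprint(tool, args)
        self.log.append({"tool": tool, "args": redact(args), "fp": fp[:12]})
        host = urlsplit(args.get("url", "")).hostname or ""
        if tool in ("http_request", "web_fetch") and is_private_host(host):
            return "deny", fp  # SSRF block wins over any approval
        if fp in self.approved or (tool, host) in self.preapproved:
            return "allow", fp
        return "ask", fp  # hand to the human (e.g. Telegram inline button)

    def approve(self, fp: str) -> None:
        """Record a human's yes for exactly this fingerprint."""
        self.approved.add(fp)


def binance_flow() -> list:
    """Constructed walk-through of the 'top movers on binance' request above."""
    gate = ApprovalGate()
    gate.allow("web_fetch", "api.coinbase.com")
    call = {"url": "https://api.binance.com/api/v3/ticker/24hr"}
    first, fp = gate.check("http_request", call)   # not pre-approved: ask
    gate.approve(fp)                               # user taps "approve"
    second, _ = gate.check("http_request", call)   # same fingerprint: allow
    third, _ = gate.check("http_request", {"url": "https://api.binance.com/api/v3/depth"})
    return [first, second, third]                  # ["ask", "allow", "ask"]
```

A run of binance_flow() shows the three states a practitioner cares about: the first Binance call is held for approval, the identical replay passes without another prompt, and a call with a different URL (hence a different fingerprint) is held again rather than riding on the earlier approval.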
Getting Started
```bash
git clone https://github.com/clamguy/clambot.git
cd clambot
uv run clambot onboard
uv run clambot agent
```
Stack and Scale
The project is built with Python + QuickJS/Wasmtime, contains approximately 10K lines of code, and was inspired by OpenClaw and nanobot. The creator built it because they wanted "an AI agent I could actually trust on my server."