# CorpClaw-Lite: A Secure Alternative to OpenClaw for Corporate Tasks
Popular LLM agents like OpenClaw highlight security risks and single-user architecture. CorpClaw-Lite offers a solution for corporate use with a focus on privacy and data protection. The project is open-source and emphasizes three key aspects: security, multi-user mode, and support for local models.
Pitfalls of Popular LLM Agents
OpenClaw and its forks, which gained popularity in early 2026, have shown that task automation with LLMs is possible but comes with critical shortcomings. Main issues:
- Lack of user isolation: agents run locally without workspace separation, leading to data leaks.
- Security vulnerabilities: known cases of file deletions and data sent to the wrong recipients.
- Limited support for local models: cloud LLMs dominate, but local models (4-8B parameters) often struggle with complex scenarios due to context limitations.
OpenClaw's architecture wasn't designed for multiple users from the start. Each run is a separate instance for one user. For corporate use, this is unacceptable due to privacy and access management requirements.
Security Architecture: Isolation and Access Control
CorpClaw-Lite addresses these issues at the architectural level. Key components:
Strict container isolation. Each user works in a separate Docker container with network_mode: none — complete network access ban. User files are stored in an isolated workspace, mounted only to their container. This prevents data crossover between users. All network operations (e.g., web requests) are offloaded to the host or remote MCP servers. Communication is secured with HMAC-SHA256 signatures and replay attack protection.
Role-based access control (RBAC). The project supports 10 departments, each with its own set of tools and limits (iterations, tool calls, execution time). For example, an accountant can't see the search_files tool in someone else's workspace, and an HR secretary can't run exec_script.
ToolGuard — multi-level tool validation. Before each tool call, the system checks it against rules. Implemented 20+ YAML rules with regex patterns, categorized by threat level:
CRITICAL: auto-block (e.g.,rm -rf)HIGH/MEDIUM: user confirmation promptINFO: logging
Additionally, Smart Approvals are used: an LLM assesses the command's risk. If safe, it executes automatically. For ambiguous actions, the user gets a confirmation prompt in Telegram via inline buttons.
Working with Local Models: Stability and Flexibility
CorpClaw-Lite is optimized for local LLMs. Key solutions:
XML Tool Calling. For models without native function calling support, tool calls are parsed via XML:
<invoke><name>read_file</name><arguments>{"path": "report.xlsx"}</arguments></invoke>
A two-tier parsing is applied: native SDK → XML fallback → JSON repair loop. This ensures stable operation even on weaker models like Qwen3.5 9B in Q4_K_M quantization.
LLM Router. Routes tasks to different models via YAML config:
- Vision tasks — to a vision-capable model
- Data consolidation — to a smaller local model
- Complex agent chains — to a powerful model
Calibration system. A cloud model analyzes how the local model handles typical scenarios and automatically adjusts system prompts, tool descriptions, and few-shot examples. After calibration, no cloud model is needed — all load shifts to local. Calibration only edits YAML/Markdown configs, without touching Python code.
Context and Memory Management
To maintain performance during long sessions, these mechanisms are implemented:
- Context consolidation. Every 50 messages, the LLM generates a summary to shrink the accumulated context. The process has a cooldown and doesn't trigger during active workflows.
- Context compression. At 80% of max context, three-level compression applies:
1. Trimming old tool results
2. Data sanitization
3. LLM summarization of the middle section while preserving start and end
- Fact base. Long-term data is stored in SQLite. The agent can write and read user-specific facts, extending personal instructions.
Subagents: Boosting Local LLM Stability
The main issue with local models is degradation as context and tool count grow. CorpClaw-Lite uses subagents to divide responsibilities:
The main agent delegates tasks to a subagent with:
- Isolated context
- Limited toolset
- Specific instructions and connected skills
After completion, the subagent returns the result to the main agent. This saves 60-80% of the context window and improves stability.
Implemented 5 subagents:
| Subagent | Tools | Purpose |
|----------------------|--------------------------------------------------------------------------|--------------------------------|
| filesystem-agent | read_file, list_files, search_files, write_file, edit_file | File operations and search |
| document-agent | read/write/edit_file, normalize_excel, list_files | Document handling |
| execution-agent | exec_script, write_file, read_file | Script execution |
| research-agent | web_fetch, read_file, search_files, memory | Web research |
| data-agent | table_query, chart_generate, convert_format, pdf_reader, diff_text | Data analysis, SQL, charts |
Advantages: faster local model performance, reduced context. Drawback: potential insufficient input instructions, compensated by skills and isolation.
Practical Use via Telegram
Interaction with CorpClaw-Lite is handled through a Telegram bot:
- Admin registers user by Telegram ID and assigns role.
- On first launch, user completes onboarding (6 questions on preferences), generating a personalized instructions file.
- Agent interaction via bot commands:
/start — registration and greeting
/delete — interactive file manager (deletion only with confirmation)
/setup — repeat onboarding
/new — reset conversation history
Key UX decision: file deletion only via interactive UI with confirmation. The agent physically can't delete files on LLM command — protection against hallucinations. During tasks, the bot shows progress (e.g., 📂 Reading file...) so users see activity.
Key Takeaways
- Container-level isolation ensures users don't share data or network access.
- ToolGuard with Smart Approvals blocks dangerous commands before execution, minimizing risks.
- Local LLM optimization via XML Tool Calling and subagents makes it usable without cloud APIs.
- Flexible RBAC with 10 departments scales easily to business processes.
- Context control prevents performance degradation in long sessions.
— Editorial Team
No comments yet.