Back to Home

Secure LLM Agents: CorpClaw-Lite for Business | Overview

CorpClaw-Lite is an open-source solution for the safe use of LLM agents in a corporate environment. The project provides strict container isolation, support for local models, and multi-user mode. The system prevents risks characteristic of analogs such as OpenClaw.

CorpClaw-Lite: how to safely implement LLM agents in a corporate environment
Advertisement 728x90

# CorpClaw-Lite: A Secure Alternative to OpenClaw for Corporate Tasks

Popular LLM agents like OpenClaw highlight security risks and single-user architecture. CorpClaw-Lite offers a solution for corporate use with a focus on privacy and data protection. The project is open-source and emphasizes three key aspects: security, multi-user mode, and support for local models.

Pitfalls of Popular LLM Agents

OpenClaw and its forks, which gained popularity in early 2026, have shown that task automation with LLMs is possible but comes with critical shortcomings. Main issues:

  • Lack of user isolation: agents run locally without workspace separation, leading to data leaks.
  • Security vulnerabilities: known cases of file deletions and data sent to the wrong recipients.
  • Limited support for local models: cloud LLMs dominate, but local models (4-8B parameters) often struggle with complex scenarios due to context limitations.

OpenClaw's architecture wasn't designed for multiple users from the start. Each run is a separate instance for one user. For corporate use, this is unacceptable due to privacy and access management requirements.

Google AdInline article slot

Security Architecture: Isolation and Access Control

CorpClaw-Lite addresses these issues at the architectural level. Key components:

Strict container isolation. Each user works in a separate Docker container with network_mode: none — complete network access ban. User files are stored in an isolated workspace, mounted only to their container. This prevents data crossover between users. All network operations (e.g., web requests) are offloaded to the host or remote MCP servers. Communication is secured with HMAC-SHA256 signatures and replay attack protection.

Role-based access control (RBAC). The project supports 10 departments, each with its own set of tools and limits (iterations, tool calls, execution time). For example, an accountant can't see the search_files tool in someone else's workspace, and an HR secretary can't run exec_script.

Google AdInline article slot

ToolGuard — multi-level tool validation. Before each tool call, the system checks it against rules. Implemented 20+ YAML rules with regex patterns, categorized by threat level:

  • CRITICAL: auto-block (e.g., rm -rf)
  • HIGH/MEDIUM: user confirmation prompt
  • INFO: logging

Additionally, Smart Approvals are used: an LLM assesses the command's risk. If safe, it executes automatically. For ambiguous actions, the user gets a confirmation prompt in Telegram via inline buttons.

Working with Local Models: Stability and Flexibility

CorpClaw-Lite is optimized for local LLMs. Key solutions:

Google AdInline article slot

XML Tool Calling. For models without native function calling support, tool calls are parsed via XML:

<invoke><name>read_file</name><arguments>{"path": "report.xlsx"}</arguments></invoke>

A two-tier parsing is applied: native SDK → XML fallback → JSON repair loop. This ensures stable operation even on weaker models like Qwen3.5 9B in Q4_K_M quantization.

LLM Router. Routes tasks to different models via YAML config:

  • Vision tasks — to a vision-capable model
  • Data consolidation — to a smaller local model
  • Complex agent chains — to a powerful model

Calibration system. A cloud model analyzes how the local model handles typical scenarios and automatically adjusts system prompts, tool descriptions, and few-shot examples. After calibration, no cloud model is needed — all load shifts to local. Calibration only edits YAML/Markdown configs, without touching Python code.

Context and Memory Management

To maintain performance during long sessions, these mechanisms are implemented:

  • Context consolidation. Every 50 messages, the LLM generates a summary to shrink the accumulated context. The process has a cooldown and doesn't trigger during active workflows.
  • Context compression. At 80% of max context, three-level compression applies:

1. Trimming old tool results

2. Data sanitization

3. LLM summarization of the middle section while preserving start and end

  • Fact base. Long-term data is stored in SQLite. The agent can write and read user-specific facts, extending personal instructions.

Subagents: Boosting Local LLM Stability

The main issue with local models is degradation as context and tool count grow. CorpClaw-Lite uses subagents to divide responsibilities:

The main agent delegates tasks to a subagent with:

  • Isolated context
  • Limited toolset
  • Specific instructions and connected skills

After completion, the subagent returns the result to the main agent. This saves 60-80% of the context window and improves stability.

Implemented 5 subagents:

| Subagent | Tools | Purpose |

|----------------------|--------------------------------------------------------------------------|--------------------------------|

| filesystem-agent | read_file, list_files, search_files, write_file, edit_file | File operations and search |

| document-agent | read/write/edit_file, normalize_excel, list_files | Document handling |

| execution-agent | exec_script, write_file, read_file | Script execution |

| research-agent | web_fetch, read_file, search_files, memory | Web research |

| data-agent | table_query, chart_generate, convert_format, pdf_reader, diff_text | Data analysis, SQL, charts |

Advantages: faster local model performance, reduced context. Drawback: potential insufficient input instructions, compensated by skills and isolation.

Practical Use via Telegram

Interaction with CorpClaw-Lite is handled through a Telegram bot:

  • Admin registers user by Telegram ID and assigns role.
  • On first launch, user completes onboarding (6 questions on preferences), generating a personalized instructions file.
  • Agent interaction via bot commands:
/start — registration and greeting
/delete — interactive file manager (deletion only with confirmation)
/setup — repeat onboarding
/new — reset conversation history

Key UX decision: file deletion only via interactive UI with confirmation. The agent physically can't delete files on LLM command — protection against hallucinations. During tasks, the bot shows progress (e.g., 📂 Reading file...) so users see activity.

Key Takeaways

  • Container-level isolation ensures users don't share data or network access.
  • ToolGuard with Smart Approvals blocks dangerous commands before execution, minimizing risks.
  • Local LLM optimization via XML Tool Calling and subagents makes it usable without cloud APIs.
  • Flexible RBAC with 10 departments scales easily to business processes.
  • Context control prevents performance degradation in long sessions.

— Editorial Team

Advertisement 728x90

Read Next