On Tuesday, Red Hat principal software engineer Sally O’Malley released a new open source tool called Tank OS to make it easier to deploy and manage OpenClaw agents more safely.
“This was a fun project that I put together on the weekend that I knew would be a really good fit for AI and where we’re going,” she told TechCrunch, adding that she wanted to give it “to the masses.”
Tank OS is geared toward power users looking to run OpenClaw on their own computers and toward IT pros managing fleets of corporate OpenClaw agents. It makes OpenClaw safer and easier to maintain en masse.
Countless people, companies, and startups are already inventing better ways to work with OpenClaw — the open source project that installs an AI agent on a local computer. There is also a growing number of startups building competing claw alternatives that they say are safer (like NanoClaw).
What makes O’Malley’s project notable is that she is an OpenClaw maintainer. That means she’s among the select software engineers working with creator Peter Steinberger to decide which features and bugs get worked on. In her case, she focuses on making OpenClaw work better in enterprise use cases, and with Red Hat’s various flavors of the Linux operating system. (While Steinberger was hired by OpenAI, he still leads the independent open source OpenClaw project.)
O’Malley joined OpenClaw because she sees it working to “enable everyone to run AI in a safe way, that’s open,” she said.
But she got to thinking about what will happen when OpenClaw invades an enterprise and decided to build a tool for that eventuality. She began with an open source container tool called Podman, created by a colleague at Red Hat. Containers are a way to run apps separately from the underlying computer, with everything the app needs to run, bundled together. They can run a Linux app on a Windows or Mac machine, for instance.
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
Podman is a particularly secure way to do this because it’s “rootless,” meaning it doesn’t give the containers any privileges from the underlying machine, Red Hat says.
Tank OS loads OpenClaw onto Red Hat’s Fedora Linux OS in a Podman container and makes that container a bootable image, meaning it will run and launch OpenClaw when you start the computer.
Her tool includes everything needed to make OpenClaw useful without human oversight, like state (the part that allows it to remember); the ability to store API keys (the credentials for accessing subscriptions and services); and other features.
Users can run multiple Tank OS instances on a machine to do different tasks, never sharing passwords or credentials between them, and no OpenClaw instance can gain access to anything else running on the computer.
While O’Malley knows that the OpenClaw project is working to make the agent safer, she says that “it’s an incredibly powerful application,” but can also be “dangerous” if not configured properly. “It’s not a tool that you can use easily unless you do have some sort of technical experience,” she said.
Stories abound, such as the Meta AI security researcher whose Claw started deleting all of her work email, or an agent that downloaded in plain text all of a user’s WhatsApp DMs. There’s also a growing crop of malware aimed at OpenClaw users.
To be sure, Tank OS isn’t really for techno novices either, she says. You have to be comfortable installing and maintaining software on your computer, she says. Tank OS is also not the only OpenClaw implementation working in containers. NanoClaw, for instance, is doing a similar thing with well-known container company Docker.
But Tank OS is intended to be especially useful for IT pros (aka, Red Hat’s main customers) who may one day manage fleets of OpenClaw agents on corporate computers. It allows them to update the agents the same way they already manage other containers.
“My role within OpenClaw is really my interest in it,” O’Malley said. “How it’s going to look scaled out when there are millions of these autonomous agents talking to one another.”
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
