Disclaimer: OpenBrowserClaw is a personal, open-source project. It is not affiliated with any cryptocurrency, meme coin, token, or social media account. If you see coins, tokens, or social media profiles claiming association with this project, they are not legitimate and are not endorsed by the author(s). Stay safe and do your own research.
Browser-native personal AI assistant. Zero infrastructure — the browser is the server.
Built as a browser-only reimagination of NanoClaw. Same philosophy, small enough to understand, built for one user, but running entirely in a browser tab.
cd openbrowserclaw
npm install
npm run devOpen http://localhost:5173, paste your Anthropic API key, and start chatting.
┌──────────────────────────────────────────────────────────┐
│ Browser Tab (PWA) │
│ │
│ ┌──────────┐ ┌──────────┐ ┌────────────────────────┐ │
│ │ Chat UI │ │ Settings │ │ Task Manager │ │
│ └────┬─────┘ └─────┬────┘ └───────┬────────────────┘ │
│ └──────────────┼───────────────┘ │
│ ▼ │
│ Orchestrator (main thread) │
│ ├── Message queue & routing │
│ ├── State machine (idle/thinking/responding)│
│ └── Task scheduler (cron) │
│ │ │
│ ┌───────────┼───────────┐ │
│ ▼ ▼ ▼ │
│ IndexedDB OPFS Agent Worker │
│ (messages, (group (Claude API │
│ tasks, files, tool-use loop, │
│ config) memory) WebVM sandbox) │
│ │
│ Channels: │
│ ├── Browser Chat (built-in) │
│ └── Telegram Bot API (optional, pure HTTPS) │
└──────────────────────────────────────────────────────────┘
| File | Purpose |
|---|---|
src/index.ts |
Entry point, bootstraps UI |
src/orchestrator.ts |
State machine, message routing, agent invocation |
src/agent-worker.ts |
Web Worker: Claude API tool-use loop |
src/tools.ts |
Tool definitions (bash, read/write files, fetch, etc.) |
src/vm.ts |
WebVM wrapper (v86 Alpine Linux in WASM) |
src/db.ts |
IndexedDB: messages, sessions, tasks, config |
src/storage.ts |
OPFS: per-group file storage |
src/router.ts |
Routes messages to correct channel |
src/channels/browser-chat.ts |
In-browser chat channel |
src/channels/telegram.ts |
Telegram Bot API channel |
src/task-scheduler.ts |
Cron expression evaluation |
src/crypto.ts |
AES-256-GCM encryption for stored credentials |
src/ui/ |
Chat, settings, and task manager components |
- You type a message in the browser chat (or send one via Telegram)
- The orchestrator checks the trigger pattern, saves to IndexedDB, queues for processing
- The agent worker (a Web Worker) sends your message + conversation history to the Anthropic API
- Claude responds, possibly using tools (bash, file I/O, fetch, JavaScript)
- Tool results are fed back to Claude in a loop until it produces a final text response
- The response is routed back to the originating channel (browser chat or Telegram)
| Tool | What it does |
|---|---|
bash |
Execute shell commands in a sandboxed Linux VM (Alpine in WASM) |
javascript |
Execute JS code in an isolated scope (lighter than bash) |
read_file / write_file / list_files |
Manage files in OPFS per-group workspace |
fetch_url |
HTTP requests via browser fetch() (subject to CORS) |
update_memory |
Persist context to CLAUDE.md (loaded on every conversation) |
create_task |
Schedule recurring tasks with cron expressions |
Optional. Works entirely via HTTPS — no WebSockets or special protocols.
- Create a bot with
@BotFatheron Telegram - Open Settings in OpenBrowserClaw, paste the bot token
- Send
/chatidto your bot to get the chat ID - Add the chat ID in Settings
- Messages from Telegram are processed the same as browser chat
Caveat: The browser tab must be open for the bot to respond. Messages queue on Telegram's side and are processed when you reopen the tab.
The bash tool runs commands in a v86-emulated Alpine Linux. To enable:
- Download the v86 WASM binary and Alpine rootfs image
- Place them in
public/assets/:public/assets/v86.wasmpublic/assets/v86/libv86.jspublic/assets/alpine-rootfs.ext2
- The VM boots automatically on first use (~5-15 seconds)
Without these assets, the bash tool returns a helpful error. All other tools work without the VM.
| NanoClaw | OpenBrowserClaw | |
|---|---|---|
| Runtime | Node.js process | Browser tab |
| Agent sandbox | Docker/Apple Container | Web Worker + WebVM |
| Database | SQLite (better-sqlite3) | IndexedDB |
| Files | Filesystem | OPFS |
| Primary channel | In-browser chat | |
| Other channels | Telegram, Discord | Telegram |
| Agent SDK | Claude Agent SDK | Raw Anthropic API |
| Background tasks | launchd service | setInterval (tab must be open) |
| Deployment | Self-hosted server | Static files (any CDN) |
| Dependencies | ~50 npm packages | 0 runtime deps |
npm run dev # Vite dev server with HMR
npm run build # Production build → dist/
npm run preview # Preview production build
npm run typecheck # TypeScript type checkingnpm run build
# Upload dist/ to any static host:
# GitHub Pages, Cloudflare Pages, Netlify, Vercel, S3, etc.No server needed. It's just HTML, CSS, and JS.
OpenBrowserClaw is a proof of concept. All data stays in your browser, nothing is sent to any server except the Anthropic API. Here's an honest look at the current security posture:
What it does:
- API keys are encrypted at rest with AES-256-GCM using a non-extractable
CryptoKeystored in IndexedDB. JavaScript cannot export the raw key material. - All storage (IndexedDB, OPFS) is same-origin scoped by the browser.
- The agent runs in a Web Worker, separate from the UI thread.
What it doesn't do (yet):
- The encryption protects against casual inspection (DevTools, disk forensics) but not a full XSS attack on the same origin, an attacker with script execution could call the encrypt/decrypt API.
- The
javascripttool runseval()in the Worker, which has access tofetch(). This means Claude can make arbitrary HTTP requests through the JS tool regardless of anyfetch_urlrestrictions. - Outgoing HTTP requests (via
fetch_urlor the JS tool) have no user confirmation step. - The Telegram bot token is currently stored in plaintext.
This is a single-user local tool, not a multi-tenant platform. Contributions to improve the security model are welcome.
