Red Hat maintainer boosts safety of enterprise Claw deployments

On Tuesday, Red Hat principal software engineer Sally O’Malley unveiled Tank OS, a new open source tool designed to make deploying and managing OpenClaw agents safer and more efficient. The release targets both power users running OpenClaw on personal machines and IT professionals overseeing large fleets of corporate agents.

“This was a fun project that I put together on the weekend that I knew would be a really good fit for AI and where we’re going,” O’Malley told TechCrunch, adding that she wanted to give it “to the masses.” Her tool aims to address a growing need as OpenClaw,an open source project that installs an AI agent on a local computer,gains traction across enterprises.

O’Malley’s background makes this release particularly noteworthy. As an OpenClaw maintainer, she is among the select engineers working directly with creator Peter Steinberger to prioritize features and bug fixes. Her focus has been on improving OpenClaw’s performance in enterprise settings and ensuring compatibility with Red Hat’s Linux distributions. (Though Steinberger was hired by OpenAI, he continues to lead the independent OpenClaw project.)

O’Malley joined the OpenClaw effort because she believes in “enabling everyone to run AI in a safe way, that’s open.” However, she began considering what happens when OpenClaw spreads across an organization and decided to build a tool for that scenario. She started with Podman, an open source container tool created by a Red Hat colleague. Containers allow apps to run separately from the underlying computer, bundling everything needed to operate. This means a Linux app can run on a Windows or Mac machine.

Podman is particularly secure because it is “rootless,” meaning containers receive no privileges from the host machine, according to Red Hat. Tank OS loads OpenClaw onto Red Hat’s Fedora Linux OS inside a Podman container and turns that container into a bootable image. When the computer starts, the image automatically runs and launches OpenClaw.

The tool includes everything needed for OpenClaw to function without human supervision: state for memory, API key storage for accessing subscriptions and services, and other essential features. Users can run multiple Tank OS instances on a single machine for different tasks, with no sharing of passwords or credentials between them. No OpenClaw instance can access anything else running on the computer.

O’Malley acknowledges that while the OpenClaw project is working to improve safety, the agent remains “an incredibly powerful application” that can also be “dangerous” if misconfigured. “It’s not a tool that you can use easily unless you do have some sort of technical experience,” she said. Stories of mishaps include a Meta AI security researcher whose Claw deleted all her work email and an agent that downloaded a user’s WhatsApp DMs in plain text. A growing number of malware strains now target OpenClaw users.

Tank OS is not for beginners either, O’Malley admits. Users need comfort with installing and maintaining software. It is also not the only container-based OpenClaw implementation; NanoClaw, for example, works with Docker. However, Tank OS is designed for IT professionals,Red Hat’s core customers,who may manage fleets of OpenClaw agents on corporate computers. It allows them to update agents using the same methods they already use for other containers.

“My role within OpenClaw is really my interest in it,” O’Malley said. “How it’s going to look scaled out when there are millions of these autonomous agents talking to one another.”