Author here. I built this after seeing OpenClaw (68K stars) give agents
full access to ~/.ssh, ~/.aws, and browser cookies with zero container
isolation.
SecLaw runs 4 Docker containers with strict boundaries: non-root,
cap_drop ALL, read-only filesystem, 512MB/1CPU limits per container,
zero inbound ports via Cloudflare Tunnel. API keys are sealed per service,
not shared across containers.
The interesting part is multi-agent auto-routing. You install agents as
templates (`npx seclaw add inbox-agent`, `npx seclaw add research-agent`)
and they stack onto one Telegram bot. The LLM routes each message to the
right capability — email questions go to Inbox, lead questions go to Sales.
Every response shows which agent answered.
Architecture: Node.js agent + Inngest for scheduled workflows + Desktop
Commander (MCP server, read-only) + Cloudflare Tunnel. All orchestrated
by a single CLI command.
Setup is `npx seclaw` — walks you through LLM provider, API key, Telegram
token, and runs `docker compose up`. 60 seconds, no YAML editing.
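The container boundaries listed in the post (non-root, cap_drop ALL, read-only filesystem, 512MB/1CPU, no published ports) can be checked mechanically against a Compose definition. The following is an added example, not code from the post or from the SecLaw project; the service names and the `SERVICES` data are constructed, and it assumes the limits are expressed with the Compose keys `user`, `cap_drop`, `read_only`, `mem_limit`, `cpus` and `ports`.

```python
# Added example: audit Compose services against the hardening list in the post.
# SERVICES is constructed sample data, not SecLaw's real compose file.
MAX_MEM = 512 * 1024**2   # 512MB per container, as stated in the post
MAX_CPUS = 1.0            # 1 CPU per container, as stated in the post
UNITS = {"b": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def parse_bytes(value):
    """Convert a Compose byte value ("512m", "1g", 536870912) to an int."""
    if value is None:
        return None
    text = str(value).strip().lower()
    if len(text) > 1 and text.endswith("b") and text[-2] in "kmg":
        text = text[:-1]                      # "512mb" -> "512m"
    if text and text[-1] in UNITS:
        return int(float(text[:-1]) * UNITS[text[-1]])
    return int(text)

def audit_service(svc):
    """Return the list of hardening gaps for one service definition."""
    findings = []
    # An unset user falls back to the image default, so treat it as unverified.
    if str(svc.get("user", "")).split(":")[0] in {"", "0", "root"}:
        findings.append("runs as root or user not set")
    if "ALL" not in [str(c).upper() for c in svc.get("cap_drop", [])]:
        findings.append("cap_drop does not include ALL")
    if svc.get("read_only") is not True:
        findings.append("root filesystem is writable")
    mem = parse_bytes(svc.get("mem_limit"))
    if mem is None or mem > MAX_MEM:
        findings.append("memory limit missing or above 512MB")
    cpus = svc.get("cpus")
    if cpus is None or float(cpus) > MAX_CPUS:
        findings.append("CPU limit missing or above 1")
    if svc.get("ports"):
        findings.append("publishes host ports")
    return findings

def audit(services):
    return {name: audit_service(svc) for name, svc in services.items()}

SERVICES = {  # constructed: one hardened service, one that is not
    "agent": {"user": "1000:1000", "cap_drop": ["ALL"], "read_only": True,
              "mem_limit": "512m", "cpus": 1.0},
    "legacy-worker": {"user": "root", "cap_drop": ["NET_RAW"],
                      "mem_limit": "2g", "cpus": "0.5", "ports": ["8080:8080"]},
}

if __name__ == "__main__":
    for name, gaps in audit(SERVICES).items():
        print(name, "OK" if not gaps else gaps)
```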