Source: Show HN

Show HN: Carapace – A security-hardened Rust alternative to OpenClaw

By puremachinery
February 12, 2026

Carapace is an open-source personal AI assistant gateway written in Rust. It connects to Anthropic, OpenAI, Ollama, Gemini, and Bedrock, and works through Discord, Telegram, Signal, Slack, and webhooks. Apache-2.0 licensed.

I started building it after the January 2026 OpenClaw security disclosures — 42K exposed instances on Shodan (78% still unpatched), 3 CVEs with public exploits, 341+ malicious skills on ClawHub (Snyk found 36% of all skills have security flaws), 1-click RCE via the Control UI, plaintext credentials harvestable by commodity infostealers. The problems weren't bugs; they were architecture decisions — open by default, no signing, full host privileges, secrets in JSON files. The February wave from Kaspersky, Palo Alto, Snyk, and SecurityScorecard made it worse, not better.

Carapace takes the opposite defaults: localhost-only binding, fail-closed auth, OS keychain credential storage, Ed25519-signed WASM plugins with capability sandboxing, prompt guard with exec approval, SSRF/DNS-rebinding defense...

---

**[devsupporter commentary]**

This article is one of the latest development trends provided by Show HN. To learn more about the related tools or technologies, refer to the original link.