I'm a security engineer with 15+ years in enterprise security. After watching OpenClaw explode to 180K stars while binding to 0.0.0.0 by default, shipping no encryption, and accumulating 512 CVEs — I decided to build what I think a personal AI agent should look like when security comes first.
Gulama is an open-source personal AI agent with 15+ security mechanisms built into the core:
- AES-256-GCM encryption for all credentials and memories (never plaintext)
- Sandboxed execution via bubblewrap/Docker (same sandbox Anthropic uses for Claude Code)
- Ed25519-signed skills (no unsigned code runs, unlike ClawHub's 230+ malicious skills)
- Cedar-inspired policy engine for deterministic authorization
- Canary tokens for prompt injection detection
- Egress filtering + DLP to prevent data exfiltration
- Gateway binds 127.0.0.1 ONLY by default (not 0.0.0.0)
- Cryptographic hash-chain audit trail
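To make the last item concrete, here is an added, self-contained example of a hash-chained audit trail and what it does and does not protect against. This is illustrative code written for this post, not Gulama's implementation, and it makes one assumption beyond the list above: the chain is keyed with HMAC-SHA256 (key stored outside the log), so that someone who can rewrite the log file but does not hold the key cannot recompute a consistent chain. The log entries and the key are constructed sample data.

```python
"""Illustrative HMAC-keyed hash-chain audit log (example code, not Gulama's own).

Each record commits to the digest of the previous record, so editing, deleting
or reordering any earlier record invalidates every later digest. Keying the
chain with HMAC is an added assumption: a plain SHA-256 chain detects accidental
damage, but an attacker who can rewrite the whole file can simply recompute it.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # prev_hash of the very first record


@dataclass(frozen=True)
class AuditRecord:
    seq: int
    actor: str
    action: str
    detail: str
    prev_hash: str
    digest: str


def _canonical(seq: int, actor: str, action: str, detail: str, prev_hash: str) -> bytes:
    # Canonical JSON: fixed key order and no whitespace, so formatting cannot
    # change the digest and two records with the same content hash identically.
    return json.dumps(
        {"seq": seq, "actor": actor, "action": action, "detail": detail, "prev": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode()


def _digest(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class AuditChain:
    """Append-only in-memory chain; persistence is out of scope for the example."""

    def __init__(self, key: bytes):
        self._key = key
        self.records: list[AuditRecord] = []

    def append(self, actor: str, action: str, detail: str) -> AuditRecord:
        seq = len(self.records)
        prev = self.records[-1].digest if self.records else GENESIS
        digest = _digest(self._key, _canonical(seq, actor, action, detail, prev))
        rec = AuditRecord(seq, actor, action, detail, prev, digest)
        self.records.append(rec)
        return rec

    def export(self) -> list[dict]:
        return [asdict(r) for r in self.records]


def verify_chain(key: bytes, records: list[dict]) -> tuple[bool, int]:
    """Return (ok, first_bad_index); first_bad_index is -1 when the chain is intact."""
    prev = GENESIS
    for i, r in enumerate(records):
        # Sequence gap or wrong back-pointer: a record was deleted, inserted or reordered.
        if r["seq"] != i or r["prev_hash"] != prev:
            return False, i
        expected = _digest(key, _canonical(r["seq"], r["actor"], r["action"], r["detail"], prev))
        # Constant-time compare, so verification does not leak digest prefixes.
        if not hmac.compare_digest(expected, r["digest"]):
            return False, i
        prev = r["digest"]
    return True, -1


def demo() -> dict:
    key = b"constructed-demo-key-do-not-reuse"  # constructed sample key, not a real secret
    chain = AuditChain(key)
    # Constructed sample events of the kind an agent would log.
    chain.append("agent", "skill.load", "github (signature verified)")
    chain.append("agent", "shell.exec", "ls -la ~/projects")
    chain.append("user", "policy.change", "autonomy 2 -> 3")
    log = chain.export()

    # Tampering 1: quietly edit the detail of an earlier record.
    edited = [dict(r) for r in log]
    edited[1]["detail"] = "ls"
    # Tampering 2: delete a record from the middle of the log.
    deleted = [dict(r) for r in log]
    del deleted[1]
    # Tampering 3: attacker with file access rebuilds the whole chain, but without the key.
    forged_chain = AuditChain(b"attacker-guessed-key")
    for r in edited:
        forged_chain.append(r["actor"], r["action"], r["detail"])
    forged = forged_chain.export()

    return {
        "intact": verify_chain(key, log),
        "edited": verify_chain(key, edited),
        "deleted": verify_chain(key, deleted),
        "forged": verify_chain(key, forged),
    }


if __name__ == "__main__":
    print(demo())
```

The three tamper cases fail at the first record the attacker touched (index 1 for the edit and the deletion, index 0 for the keyless rebuild). What the chain cannot detect on its own is truncation of the tail: dropping the last N records leaves a perfectly valid shorter chain, so a real deployment also needs the current head digest anchored somewhere the attacker cannot reach (a second host, a TPM-backed counter, or at least a periodically signed checkpoint).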
Beyond security, it's a full-featured agent:
- 100+ LLM providers via LiteLLM (Anthropic, OpenAI, DeepSeek, Ollama, etc.)
- 19 built-in skills (files, shell, web, browser, email, calendar, GitHub, Notion, Spotify, voice, MCP bridge, and more)
- 10 communication channels (CLI, Telegram, Discord, Slack, WhatsApp, Matrix, Teams, Web UI, Voice Wake)
- Full MCP server + client support
- Multi-agent orchestration with background sub-agents
- RAG-powered memory via ChromaDB
- Self-modifying: the agent writes its own new skills at runtime (sandboxed)
- 5 autonomy levels from "ask before everything" to full autopilot
Install: pip install gulama && gulama setup && gulama chat
Stack: Python 3.12+, FastAPI, LiteLLM, SQLite, ChromaDB, Click
PyPI: https://pypi.org/project/gulama/
Happy to answer any questions about the security architecture or design decisions.