I really like OpenClaw. But after seeing users lose money due to exposed API keys and open server ports, I started thinking: could we have the same freedom, but inside a sandbox?
SandClaw is a desktop trading IDE (Tauri v2 + React) where every broker runs as an independent plugin behind its own API endpoint. The frontend and backend are completely separated, and broker credentials are never exposed to the UI layer.
Key Features.
- 18 broker plugins (Interactive Brokers, LS Securities, Kraken, Kalshi, bitFlyer, kabu STATION, and more). Each broker API service is provided as an independent plugin. Brokers can be expanded infinitely through plugins, and new brokers will continue to be added.
- 182 tools across 30 tool groups, dynamically loaded by keyword. Unlike OpenClaw, the connected AI can create, modify, and edit its own tools.
- AI autopilot that operates exclusively inside the sandbox. Paper trading is required before real money. Multi-layered retrieval and analysis is built in, and the AI expands its memory over time as it repeats investments.
- Multi-engine support. Run multiple trading engines simultaneously across different brokers and markets. For example, Kraken and Interactive Brokers can operate at the same time in complete isolation.
- Cross-platform notifications. Desktop modals, Telegram, Discord, Slack, and even voice recognition, all integrated into a consistent confirmation flow.
- Ed25519 signature verification and SHA-256 hash checks in the plugin store.
- 3-layer browser automation (headless requests, Chrome CDP, Playwright fallback).
How it differs from OpenClaw.
- UI-first design. Built with accessibility in mind so even non-developers can use it easily.
- User credentials and API keys are fully separated. Security is enforced through Soul.md files and rule-based policies.
- Scheduled AI wake cycles. The AI activates at 2, 6, 12, or 24-hour intervals to check the market and act on its own.
- Hive page. Connected AI agents can exchange information with each other through JWT-secured channels. Humans cannot access this layer. This feature can be toggled on or off.
- Per-plugin rate limiting. Every broker API has different rate limits, so each plugin enforces its own. One misbehaving plugin cannot take down the others.
- Desktop app. Your keys stay on your machine, not on a server with open ports.
- CDP skills and the AI can build its own GitHub skills autonomously.
Honestly, I started this project to build a simple trading program. Now it has so many features that even I am not entirely sure what it is anymore.
Tech stack. Tauri v2, React 18, Python backend (port 8085), Prisma, Supabase auth, WebSocket streaming.
Completely free. All trading features have been fully tested, but since the AI can create its own tools and write Python code, the possible combinations are practically infinite. It is impossible to test every scenario, so it is released as v0.9.0 beta.
GitHub (Plugins). https://github.com/kokogo100/sandclaw
GitHub (Desktop App). https://github.com/kokogo100/sandclaw-releases
I would love feedback from the HN community, especially on the plugin security model and the sandbox architecture.
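
For readers weighing the "Ed25519 signature verification and SHA-256 hash checks" item above, here is one way such a plugin-store check can be ordered. This is an added example, not SandClaw's code: the manifest fields, `manifestBytes`, `verifyPlugin`, the plugin name and the keys are all assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

const sha256Hex = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Canonical bytes that get signed: a fixed field order so signer and verifier agree.
function manifestBytes(m) {
  return Buffer.from(JSON.stringify([m.name, m.version, m.sha256]), "utf8");
}

// trustedPublicKey must be pinned in the app, never fetched alongside the plugin.
function verifyPlugin(manifest, signature, artifact, trustedPublicKey) {
  // 1. Signature first: until it verifies, the hash in the manifest is untrusted input.
  let sigOk = false;
  try {
    sigOk = crypto.verify(null, manifestBytes(manifest), trustedPublicKey, signature);
  } catch {
    sigOk = false; // malformed key or signature counts as a failure
  }
  if (!sigOk) return { ok: false, reason: "bad-signature" };

  // 2. Only now compare the downloaded bytes with the signed hash.
  const actual = crypto.createHash("sha256").update(artifact).digest();
  const expected = Buffer.from(String(manifest.sha256), "hex");
  if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
    return { ok: false, reason: "hash-mismatch" };
  }
  return { ok: true, reason: "verified" };
}

// Constructed sample data: throwaway keys and a fake plugin body.
function demo() {
  const publisher = crypto.generateKeyPairSync("ed25519");
  const stranger = crypto.generateKeyPairSync("ed25519");
  const artifact = Buffer.from("print('constructed sample plugin')\n");
  const tampered = Buffer.from("print('tampered plugin')\n");
  const manifest = { name: "example-broker", version: "0.0.1", sha256: sha256Hex(artifact) };
  const sig = crypto.sign(null, manifestBytes(manifest), publisher.privateKey);
  const strangerSig = crypto.sign(null, manifestBytes(manifest), stranger.privateKey);
  const rehashed = { ...manifest, sha256: sha256Hex(tampered) };
  const check = (m, s, a) => verifyPlugin(m, s, a, publisher.publicKey).reason;
  return {
    genuine: check(manifest, sig, artifact),
    swappedArtifact: check(manifest, sig, tampered),
    swappedArtifactAndHash: check(rehashed, sig, tampered),
    wrongSigner: check(manifest, strangerSig, artifact),
  };
}
```

The `swappedArtifactAndHash` case is the one a hash check alone would miss: the hash only protects the download if it is itself covered by a signature from a key the app already trusts.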