# SafestClaw 🐾 **The zero-cost alternative to OpenClaw. No LLM required, though it is optional. No required API bills. Minimal attack surface. Runs on any machine.** You can simply type pip install safestclaw and it will download, please read install.md to understand what to do. You only want what you need, so install.md comes with the ML safestclaw and you can add any additional features we support with pip install. I run safestclaw like so python -m safestclaw which will load the command line interface. You can setup the system at anytime and make modifications by running python -m safestclaw setup. This is where you can choose if you want to use an LLM or stick with the ML actions. You can choose if you want to enable it as an mcp, use web ui and or telegram. If you don't use an LLM you have to learn from the /help documentation. Simple things like what is the weather in insert town name, will respond without an LLM, because it uses a weather api. If you type in news tech it will give you a summary from over fifty different sources of the tech news of the day. If you type in news it will provide a summary for the news in general and show you its sources. The thing that this solves is making actions auditable and only using an LLM when things actually require an LLM. Language models aren't needed nearly as much as people believe they are. There has been established ML ways to do things for sometimes a decade that people pay LLM providers for. This is a waste of money, so we make it so you don't have to waste thaat money. We provide a research tool research insert what you want to research and then choose arxiv, wolframalpha or any other source we support, so research lstm arxiv will return research from arxiv. This may require an LLM to work. You can blog without an LLM that will be saved as text files. You can do security audits of code without an LLM with safestclaw. You can use telegram and a localhost web ui WITHOUT an LLM. LLMs do make it easier so you don't have to memorize the documentation, but if you don't mind learning documentation you can get most of the features people rave about in openclaw for free. --- We did huge updates for surpassing ⭐⭐two hundred and fifty stars⭐⭐. Our next update palooza will be at ⭐⭐four hundred stars⭐⭐ ## Why SafestClaw? | | SafestClaw | OpenClaw | |---|---|---| | **Monthly cost by default** | **$0** | $100–$3,600+ | | **Requires LLM** | No (optional for AI blogging, coding, and research all have no LLM options) | yes | **Prompt injection risk** | **Minimal** (only if a url you go to is malicious) | Yes (everywhere) | | **Works offline** | **Yes** all default features, except weather | No | | **Runs on any machine** | **Yes** (Linux, macOS, Windows) | Needs powerful hardware or cloud APIs | | **Deterministic output** | **Yes** | No (LLM responses vary) | | **Privacy** | **Local by default** (external only when you ask or setup an llm, e.g. weather) | Data always sent to API providers | ## Full Comparison: SafestClaw vs OpenClaw | Feature | SafestClaw | OpenClaw | |---|---|---| | Self-hosted | βœ… | βœ… | | Cross-platform (Linux, macOS, Windows) | βœ… | βœ… | | No AI/LLM required | βœ… | ❌ | | Offline capable | βœ… | ❌ | | Zero API cost | βœ… | ❌ | | Prompt injection risk | **Minimal** (only LLM research) | Everywhere | | Privacy-first | βœ… (local by default) | βœ… | | Voice (STT/TTS) | βœ… (Whisper + Piper, local) | βœ… (ElevenLabs, paid API) | | Smart home control | βœ… | βœ… (via skills) | | Bluetooth control | βœ… | ❌ | | Network scanning | βœ… | ❌ | | Social media summaries | βœ… (Twitter, Mastodon, Bluesky) | ❌ (requires separate skills) | | Web crawling | βœ… | βœ… | | Summarization | βœ… (extractive) | βœ… (AI-generated) | | RSS/News feeds | βœ… (50+ feeds) | βœ… (via skills) | | Sentiment analysis | βœ… (VADER) | βœ… (AI) | | Email integration | βœ… | βœ… | | Calendar support | βœ… (.ics + CalDAV) | βœ… | | Document reading | βœ… | βœ… | | Desktop notifications | βœ… | βœ… | | Object detection | βœ… (YOLO) | ❌ | | OCR | βœ… (Tesseract) | ❌ | | Cron jobs | βœ… | βœ… | | Webhooks | βœ… | βœ… | | Localhost web UI | βœ… (loopback-only, no CDNs) | βœ… | | Model Context Protocol (MCP) server | βœ… (FastMCP, every action as a tool) | βœ… | | Security scanners (no AI) | βœ… (bandit, pip-audit, semgrep, trivy, gitleaks, …) | ❌ | | Multi-channel | βœ… (CLI, Web, Telegram, Webhooks) | βœ… (13+ platforms) | | Plugin system | βœ… | βœ… (5,700+ skills) | | Free-form chat | ❌ | βœ… | | Blog with and without LLM | βœ… no llm (extractive titles) with LLM, AI blogging | ❌ (always requires AI) | Blog publishing (WordPress, Joomla, SFTP) | βœ… | ❌ (requires plugins) | | Writing style learning | βœ… (statistical profiling) | ❌ | | Academic research (arXiv, Scholar) | βœ… (free, no API key) | ❌ | | Wolfram Alpha | βœ… (computational knowledge) | ❌ | | Simple setup (enter key or local) simple telegram and blogging setup | βœ… (one command) | ❌ | | Auto-learning from mistakes | βœ… (word-to-number, typo correction) | ❌ | | Research pipeline | βœ… (two-phase, LLM optional) | βœ… (AI only) | | Code templates & tools | βœ… (7 templates, offline utils) | ❌ (requires AI) | | Auto-blog scheduling | βœ… (cron-based) | ❌ | | Task-aware prompts | βœ… (per-task LLM routing) | βœ… | | Command chaining | βœ… ("read email and remind me at 3pm") | βœ… | | Autonomous multi-step tasks | ❌ | βœ… | | Self-writing skills | ❌ | βœ… | | Browser automation | ❌ | βœ… | --- ## Features ### πŸ—£οΈ Voice Control * **Speech-to-Text** β€” Whisper STT runs locally, no cloud transcription * **Text-to-Speech** β€” Piper TTS for natural voice output, completely offline * **Voice-first workflow** β€” Talk to SafestClaw like you would any assistant ### 🏠 Smart Home & Device Control * **Smart home integration** β€” Control your connected devices * **Bluetooth device control** β€” Discover and manage Bluetooth devices * **Network scanning** β€” Device discovery on your local network ### πŸ“± Social Media Intelligence * **Twitter/X summarization** β€” Add accounts, get summaries of their activity * **Mastodon summarization** β€” Follow and summarize fediverse accounts * **Bluesky summarization** β€” Track and summarize Bluesky feeds * No API tokens needed for public content ### πŸ“° RSS News Aggregation * **50+ preset feeds** β€” Hacker News, Ars Technica, BBC, Reuters, Nature, and more * **8 categories** β€” Tech, World, Science, Business, Programming, Security, Linux, AI * **Custom feeds** β€” Import any RSS/Atom feed * **Auto-summarization** β€” Extractive summaries with sumy (no AI) * **Per-user preferences** β€” Customize your news sources ### πŸ”’ Privacy & Security * **Self-hosted by default** β€” Your data stays local unless you explicitly request external info (like weather) * **No API keys required** β€” Core features work completely offline * **No cloud AI dependencies** β€” No tokens sent to OpenAI, Anthropic, or Google * **Minimal prompt injection surface** β€” Core features (blogging, coding, commands) use rule-based parsing with zero LLM, so they're immune to prompt injection. Research and deep analysis *can* optionally use an LLM to synthesize sources β€” when enabled, content from external sources (arXiv abstracts, web pages) is fed to the LLM, which carries a minimal prompt injection risk. Phase 1 research (gathering/summarizing) never uses an LLM and is safe. We're transparent about this tradeoff. ### πŸ“‘ Multi-Channel * **CLI** β€” Interactive command line with Rich formatting * **Telegram** β€” Full bot integration * **Discord** β€” Coming soon * **Slack** β€” Coming soon * **Webhooks** β€” Inbound and outbound support ### ⚑ Automation * **Command chaining** β€” Combine actions naturally: "read my email and remind me at 3pm" * **Web crawling** β€” Async crawling with depth limits and domain filtering * **Summarization** β€” LexRank, TextRank, LSA, Luhn algorithms * **Reminders** β€” Natural language time parsing with dateparser * **Shell commands** β€” Sandboxed command execution * **File operations** β€” Search, list, read files * **Cron jobs** β€” Scheduled task automation * **Daily briefings** β€” Weather, reminders, news from your feeds ### πŸ“Š Text Analysis * **VADER Sentiment** β€” Lexicon-based sentiment analysis * **Keyword Extraction** β€” TF-IDF style extraction * **Readability Scoring** β€” Flesch-Kincaid metrics ### πŸ“§ Email Integration * **IMAP Support** β€” Read emails from Gmail, Outlook, Yahoo * **SMTP Support** β€” Send emails * **Standard protocols** β€” No API keys required ### πŸ“… Calendar Support * **ICS Files** β€” Import and parse .ics calendar files * **CalDAV** β€” Sync from Nextcloud, Radicale, iCloud, Fastmail, Google (`pip install safestclaw[caldav]`) * **Event filtering** β€” Today, upcoming, by date range * **Chat commands** β€” `calendar today`, `calendar upcoming 14`, `calendar import ~/cal.ics`, `calendar sync`, `calendar calendars` ### πŸ“„ Document Reading * **PDF** β€” Text extraction with PyMuPDF * **DOCX** β€” Microsoft Word documents * **HTML/Markdown/TXT** β€” Plain text formats ### πŸ”” Notifications * **Desktop notifications** β€” Cross-platform (macOS, Windows, Linux) * **Priority levels** β€” Low, normal, high, urgent * **Rate limiting** β€” Prevent notification spam ### πŸ‘οΈ Optional ML Features * **NLP** β€” spaCy named entity recognition (~50MB) * **Vision** β€” YOLO object detection + OCR (~2GB) * **OCR** β€” Tesseract text extraction from images (lightweight) ### 🌐 Localhost Web UI * **Single-page chat** at `http://127.0.0.1:8771/` β€” no CDNs, no JS framework * **Drives the whole engine** β€” every action, every plugin, every command * **Loopback only** β€” `WebChannel` refuses non-127.0.0.1 binds at construction * **Optional auth** β€” Bearer token via `channels.web.auth_token` * **JSON API** β€” `/api/health`, `/api/actions`, `/api/help`, `/api/message`, `/api/history` * Run standalone: `safestclaw web` β€” Telegram auto-starts when enabled in config; other channels have their own commands (`safestclaw`, `safestclaw webhook`, `safestclaw telegram`) ### πŸ›‘οΈ Security Scanners (no AI) * **bandit, pip-audit, safety, semgrep, trivy, detect-secrets, gitleaks** β€” all optional, all auto-detected * `security tools` β€” see what's installed and how to install the rest * `security scan ~/projects/myapp` β€” run every available scanner against a path * Per-scanner: `security bandit `, `security pip-audit`, `security trivy `, etc. * Sandboxed: paths must be inside `plugins.security.allowed_paths`; scanners run via `create_subprocess_exec` (no shell) ### πŸ”Œ Model Context Protocol (FastMCP) * **Every action as an MCP tool** β€” `summarize`, `crawl`, `calendar`, `news`, `blog`, `research`, … all callable from MCP clients * **Transports** β€” `stdio` (Claude Desktop, IDE extensions), `sse`, `streamable-http` * **Run as a subprocess** β€” `safestclaw mcp` (the format MCP clients spawn) * **In-process HTTP** β€” enable `plugins.fastmcp.autostart` to expose a SSE/HTTP server when SafestClaw boots * **Opt-in** β€” `pip install safestclaw[mcp]`, then enable in the setup wizard or `config.yaml` ### πŸ”¬ Real Research Sources * **arXiv** β€” Search academic papers across CS, math, physics, biology, and more (free, no API key) * **Semantic Scholar** β€” Academic papers with citation counts and author info (free, no API key) * **Wolfram Alpha** β€” Computational knowledge engine for factual answers and calculations * **Smart routing** β€” `research ` searches all sources at once, or use `research arxiv`, `research scholar`, `research wolfram` individually * **Two-phase pipeline** β€” Phase 1 gathers from real research sources ($0), Phase 2 does optional LLM deep analysis ### πŸ€– Super Simple AI Setup * **Just enter your key** β€” `setup ai sk-ant-your-key` and you're done. Auto-detects Anthropic, OpenAI, Google, Groq * **Or go local** β€” `setup ai local` auto-installs Ollama, downloads a model, configures SafestClaw * **Model presets** β€” `setup ai local small` (1.3GB), `setup ai local coding`, `setup ai local writing` * **Status check** β€” `setup ai status` shows what's configured * **Zero config files** β€” No YAML editing needed, the command does it for you ### πŸ“€ Blog Publishing β€” Preview, Templates, Repeat * **Preview before publishing** β€” `preview blog [to ]` renders the exact HTML that would be uploaded and saves a copy locally so you can open it in a browser * **Asks once, friendly** β€” when you set up a new SFTP target (or start a publish to one without a template) SafestClaw offers to learn your existing site template β€” answer `yes`, `auto`, `no`, or `folders` * **Browse remote folders** β€” `list folders on ` lists subdirectories under the target's remote path so you can pick where to publish (requires `pip install safestclaw[sftp]`) * **Auto-learn template from existing posts** β€” `learn template from ` downloads the most recent post on the server, detects title + content regions, replaces them with `{title}` / `{content}` placeholders, and saves the result as the target's template. Site chrome (head, nav, footer, sidebar) is preserved verbatim * **Or set `auto_detect_template: true`** on a target and the first publish learns and caches the template automatically β€” no manual step * **Custom HTML template per target** β€” set `html_template` (inline) or `html_template_path` (file) on a `publish_targets` entry; placeholders: `{title}`, `{content}`, `{excerpt}`, `{date}`, `{slug}` * **Subfolder per site** β€” `sftp_subfolder: "blog"` (or set inline with `subfolder=blog/posts` on the setup command) so each post uploads to `{remote_path}/{subfolder}/.html` * **Repeat last publish** β€” `publish blog again` or `publish blog to here` reuses the last successful target, no retyping ### 🀝 LLM Cascade with ML Fallback * **Provider cascade** β€” bad API key / quota / rate-limit / network failure on one provider auto-falls-through to the next configured one (cloud first, local last) * **Last-resort ML fallback** β€” when every LLM provider is unreachable, AI blog `rewrite` / `expand` / `headlines` use the deterministic ML stack (sumy summarisation + keyword heuristics) so you still get useful output * **Clear banner** β€” fallback responses are prefixed with `_(falling back to local ML)_` plus the original error so you know exactly what happened ### πŸ› οΈ First-Run Setup, Anywhere * **Same walkthrough in every channel** β€” CLI, web UI, Telegram all guide first-time users through local-only / cloud / hybrid / skip * **Conversational** β€” type a number or `skip`; no rich prompts that only work in a TTY * **Web UI banner** β€” driven by `/api/health.needs_setup` * **CLI nudge** β€” yellow setup-needed panel right after launch when config isn't complete * **Triggers any time `setup_completed` isn't set** β€” not just first launch; perfect for users who never finished setup ### πŸ“Ά Offline-Aware * **Network probe with caching** β€” actions check connectivity before reaching out, falling back gracefully when offline * **`i'm offline` / `i'm online`** β€” pin offline mode any time (plane, metered link, etc.); SafestClaw stops probing and returns local/cached results until you switch back * **Friendly fallback messages** β€” when an academic search can't reach arXiv/Scholar/Wolfram, you get a clear explanation plus any matches from your previous research sessions * **No silent failures** β€” every offline reply tells you it's offline and how to try again ### πŸ’¬ Conversational Input * **Talk naturally** β€” "hey claw, lets publish this blog" works the same as `publish blog` * **Friendly acknowledgments** β€” every intent gets a short, intent-aware intro when you phrase things conversationally ("Got it β€” wiring up the auto-blog…", "Sure β€” checking your calendar…") * **Strict form still terse** β€” `research arxiv quantum` (canonical) returns the dense output without preamble * **Mid-sentence handoffs handled** β€” "hey man, id like to research, lets try arxiv quantum computing" routes correctly to arXiv ### 🧠 Smart Input Learning * **Word-to-number** β€” Type "research select one two three" and SafestClaw understands "1 2 3" * **Typo auto-correction** β€” "remaind me" β†’ "remind me", "summerize" β†’ "summarize" * **Shorthand** β€” "tmrw" β†’ "tomorrow", "hrs" β†’ "hours", "mins" β†’ "minutes" * **Auto-learns from mistakes** β€” If a command fails and you retype it correctly, SafestClaw remembers the mapping for next time * **No AI needed** β€” All corrections are rule-based and deterministic ### πŸ’¬ Optional LLM Command Understanding (NLU) Don't want to memorise command syntax? Enable the NLU bridge and just talk naturally: ``` # Without NLU β€” you have to know the exact phrase: remind me tomorrow at 9am to call the dentist # With NLU enabled β€” any phrasing works: hey, can you remind me to call the dentist tomorrow morning at 9? I need a reminder for tomorrow at 9 to call the dentist put a 9am reminder tomorrow: dentist call ``` The NLU bridge uses your configured LLM (any provider) as a **pure translator**: it converts what you typed into the closest matching SafestClaw command string, which then goes through the same rule-based parser as always. The LLM never executes anything directly β€” it only re-words your input. Enable in `config/config.yaml`: ```yaml safestclaw: nlu: enabled: true provider: my-claude # optional β€” uses active provider if omitted temperature: 0.0 # deterministic output show_translation: true # shows "_(understood as: remind me ...)_" prefix ``` **Privacy note:** When NLU is enabled, unrecognised commands are sent to your configured LLM provider. Recognised commands (the vast majority) are still handled entirely locally with zero tokens consumed. ### ✍️ Writing Style Profiler * **Learn your voice** β€” Feed SafestClaw your writing and it builds a 35-metric profile (sentence length, vocabulary, formality, contractions, structure, favorite words, etc.) * **Persistent memory** β€” Your profile is stored in SQLite and improves with every sample * **LLM prompt generation** β€” Profile converts to writing style instructions for any LLM provider * **No AI required** β€” All analysis uses NLTK, VADER, and statistical methods locally ### πŸ”¬ Research Pipeline * **Two-phase workflow** β€” Phase 1 gathers and summarizes sources (no LLM, $0). Phase 2 does optional LLM deep analysis * **Source gathering** β€” Searches RSS feeds and crawls URLs, auto-summarizes with Sumy * **Source selection** β€” You pick which sources matter before spending any tokens * **Deep analysis** β€” Optional LLM analyzes selected sources with structured output ### πŸ’» Coding Toolbox * **7 templates** β€” python-script, python-class, python-test, fastapi-endpoint, html-page, dockerfile, github-action * **Code stats** β€” Lines of code by language for any directory * **Regex tester** β€” Test and explain regex patterns with match highlighting * **Code search** β€” Regex search across code files * **File diff** β€” Compare two files side by side * **LLM-powered (optional)** β€” Generate, explain, review, refactor, document code ### πŸ“… Auto Blog Scheduler * **Cron scheduling** β€” Schedule recurring blog generation with cron expressions * **Source categories** β€” Pull from specific RSS categories automatically * **Async-safe** β€” Detects scheduler type mismatches and warns clearly instead of silently failing * **Optional LLM step** β€” Source gathering stays deterministic; opt-in `llm_enabled` post-processes the draft via the configured AI provider (modes: `rewrite`, `expand`, `headline`, `generate`) * **Honors `task_providers.blog`** β€” Use a different LLM for blogging vs research / coding * **Graceful fallback** β€” On any LLM failure (rate limit, network, no providers) the cron job publishes the deterministic draft instead of skipping ### 🧠 Smart Prompt Builder * **Task-aware prompts** β€” Generates optimized prompts for blog, research, and coding tasks * **Writing profile integration** β€” Automatically injects your writing style into blog prompts * **Provider routing** β€” Each task type can use a different LLM provider * **Flow diagram** β€” `show me the flow` displays the full architecture as ASCII art ### πŸ₯š Easter Eggs * Built-in personality and hidden surprises β€” because tools should be fun ### πŸ“ Blogging β€” Two Modes **Deterministic Blog (No AI, No Cost):** * **Write blog news** β€” Add entries with natural language: "write blog news We shipped faster crawling today." * **Crawl sites for content** β€” "crawl https://example.com for title content", "crawl example.com for body content" * **Auto-generated titles** β€” Extractive summarization picks the most representative content as your headline. No LLM, just math. * **Plain .txt output** β€” Your blog is a simple text file you can share anywhere **AI Blog (Optional, Multi-Provider):** * **Generate full posts from a topic** β€” "ai blog generate about sustainable technology" * **Rewrite, expand, polish** β€” "ai rewrite blog", "ai expand blog" * **AI headlines and SEO** β€” "ai headlines", "ai blog seo" * **11 providers** β€” 5 local (Ollama, LM Studio, llama.cpp, LocalAI, Jan) + 6 cloud (OpenAI, Anthropic, Google, Mistral, Groq, custom) * **Local AI = free + private** β€” Run Ollama or LM Studio and pay nothing **Multi-Platform Publishing:** * **WordPress** β€” REST API v2 with Application Passwords, JWT, or Basic Auth * **Joomla** β€” Web Services API (Joomla 4+) * **SFTP** β€” Upload HTML to any server * **Generic API** β€” POST JSON to any endpoint * **Front page management** β€” Set which post is the home page on any target --- --- ## Installation ### From PyPI (recommended) ```bash pip install safestclaw # core pip install "safestclaw[mcp]" # + FastMCP plugin (Model Context Protocol) pip install "safestclaw[caldav]" # + CalDAV calendar sync pip install "safestclaw[telegram]" # + Telegram bot channel pip install "safestclaw[smarthome]" # + Philips Hue / Home Assistant MQTT pip install "safestclaw[all]" # everything except heavy ML deps ``` ### Using pipx (isolated CLI install) ```bash # Install pipx if needed # Linux: sudo apt install pipx # macOS: brew install pipx # Windows (PowerShell): python -m pip install --user pipx python -m pipx ensurepath pipx install safestclaw # or with extras: pipx install "safestclaw[mcp,caldav]" ``` ### Inside a virtual environment ```bash # Linux/macOS: python3 -m venv ~/.safestclaw-venv source ~/.safestclaw-venv/bin/activate # Windows (PowerShell): python -m venv $HOME\.safestclaw-venv $HOME\.safestclaw-venv\Scripts\Activate.ps1 pip install safestclaw ``` ### From source (for contributors) ```bash git clone https://github.com/princezuda/safestclaw.git cd safestclaw pip install -e ".[dev]" pytest -q # 336 passed, 1 skipped ``` ### Optional ML Features Install extras the same way β€” replace `safestclaw` with the git URL or use the local checkout: ```bash # From a local clone (cd into the repo first) pip install -e ".[nlp]" # spaCy NER (~50MB) pip install -e ".[vision]" # YOLO + OCR (~2GB, needs PyTorch) pip install -e ".[ocr]" # OCR only (needs Tesseract) pip install -e ".[ml]" # all ML extras # Or directly from GitHub pipx install "git+https://github.com/princezuda/safestclaw.git#egg=safestclaw[ml]" ``` **Requirements:** Python 3.11+, ~50MB disk (base), ~2GB additional for vision features. Runs on Linux, macOS, and Windows. --- ## Quick Start ```bash # Start interactive mode safestclaw # Or with verbose logging safestclaw --verbose ``` ### Example Commands ``` > news # Get headlines from enabled feeds > news tech # Get tech news only > news categories # See all available categories > news enable science # Enable science feeds > add feed https://blog.example.com/rss # Add custom feed > summarize https://news.ycombinator.com > crawl https://example.com > remind me to call mom tomorrow at 3pm > morning briefing # Includes news from your feeds! > check my email # View inbox (requires setup) > read my email and remind me at 3pm # Chain commands naturally > calendar today # Today's events from .ics > calendar upcoming 14 # Next 14 days > calendar import ~/cal.ics # Import an .ics file > calendar sync # Pull from a configured CalDAV server > analyze sentiment of this text # VADER sentiment analysis > read document.pdf # Extract text from documents > write blog news We shipped a new feature today. # Blog entry (no AI) > crawl https://example.com for title content # Crawl for blog > blog title # Generate title from entries > publish blog # Save blog as .txt > blog # Interactive blog menu (AI or manual) > ai blog generate about home automation # AI writes a full post > ai rewrite blog # AI polishes your draft > publish blog to wp://mysite.com admin pass # Publish inline β€” no config needed > publish blog to my-wordpress # Or use a saved target from config > style learn I write concise, punchy posts. # Teach SafestClaw your style > style profile # View your writing profile > research WebAssembly performance # Search arXiv + Scholar + Wolfram > research arxiv quantum computing # Search arXiv papers directly > research scholar machine learning # Search Semantic Scholar > research wolfram integrate x^2 # Ask Wolfram Alpha > research select 1,2,3 # Pick sources to analyze > setup ai sk-ant-your-key-here # Enter your Anthropic key, done > setup ai local # Or auto-install Ollama (free!) > setup ai status # Check what's configured > code template python-class UserAuth Auth handler # Generate boilerplate > code templates # List all 7 templates > code stats src/ # Lines of code by language > code regex \d{3}-\d{4} test 555-1234 # Test regex > auto blog list # View scheduled auto-blogs > security tools # Show installed security scanners > security scan ~/projects/myapp # Run every available scanner > security bandit ~/projects/myapp # Python static analysis > security pip-audit # CVEs in installed Python deps > mcp status # Check FastMCP server state > mcp tools # List actions exposed over MCP > show me the flow # Architecture diagram > help ``` ### CLI Commands ```bash # News safestclaw news # Headlines from enabled categories safestclaw news tech # Tech news only safestclaw news --categories # List all categories safestclaw news world -n 20 # 20 world news headlines safestclaw news --add https://blog.example.com/rss --name "My Blog" safestclaw news -s # With auto-summarization # Summarize safestclaw summarize https://example.com/article -n 5 # Crawl safestclaw crawl https://example.com --depth 2 # Text analysis safestclaw analyze "This product is amazing! I love it." safestclaw analyze document.txt --no-readability # Documents safestclaw document report.pdf safestclaw document paper.docx --summarize -n 5 safestclaw document notes.md --output extracted.txt # Calendar safestclaw calendar import --file calendar.ics safestclaw calendar today --file calendar.ics safestclaw calendar upcoming --file calendar.ics --days 14 safestclaw calendar week --file calendar.ics # CalDAV sync (configure under actions.calendar.caldav, then run from chat): # calendar sync # pull events from a configured CalDAV server # calendar calendars # list calendars on the server # Blog β€” Deterministic (no AI) safestclaw blog help # Blog feature guide safestclaw blog write "New crawling features shipped today." safestclaw blog show # View draft and published posts safestclaw blog title # Generate title from entries safestclaw blog publish # Save blog as .txt safestclaw blog publish "My Custom Title" # Publish with custom title # Blog β€” AI-powered (requires ai_providers in config) safestclaw blog # Interactive menu (AI or manual) # ai blog generate about # AI writes a full blog post # ai rewrite blog # AI polishes your draft # ai expand blog # AI makes it longer # ai headlines # AI generates headline options # ai blog seo # AI generates SEO metadata # Publishing (requires publish_targets in config) # publish blog to my-wordpress # Publish to a specific target # publish blog to all # Publish to all targets # set front page 123 on my-wp # Set home page on a target # Writing Style safestclaw style learn "I write short, punchy sentences. No fluff." safestclaw style profile # View your writing profile # Research (arXiv, Semantic Scholar, Wolfram Alpha) safestclaw research "quantum computing" # Search all sources safestclaw research arxiv "transformer models" # arXiv papers safestclaw research scholar "deep learning" # Semantic Scholar safestclaw research wolfram "integrate x^2" # Wolfram Alpha safestclaw research sources # View gathered sources safestclaw research select 1,2,3 # Pick sources for deep analysis safestclaw research analyze # LLM deep dive (optional) # AI Setup (super simple) safestclaw setup ai sk-ant-your-key # Enter Anthropic key, done safestclaw setup ai sk-your-key # Or OpenAI key safestclaw setup ai local # Or auto-install Ollama (free) safestclaw setup ai local coding # Install coding-optimized model safestclaw setup ai status # Check your setup # Coding Toolbox safestclaw code templates # List available templates safestclaw code template python-class UserAuth "Auth handler" safestclaw code stats src/ # Lines of code by language safestclaw code search "TODO" src/ # Regex search code files safestclaw code regex "\d{3}-\d{4}" test "555-1234" safestclaw code diff file1.py file2.py # Auto Blog safestclaw auto blog setup # Interactive setup wizard safestclaw auto blog list # View scheduled auto-blogs safestclaw auto blog remove my-blog # Remove a schedule # Flow safestclaw flow # Architecture diagram # Webhooks safestclaw webhook --port 8765 # Localhost web UI (loopback-only, drives the entire engine) safestclaw web # http://127.0.0.1:8771/ safestclaw web --port 9000 # custom port safestclaw web --token "secret" # require Bearer/X-SafestClaw-Token # Telegram bot (token + allowlist read from channels.telegram in config.yaml) safestclaw telegram # start the bot standalone # Model Context Protocol (FastMCP β€” every action as an MCP tool) safestclaw mcp # stdio (Claude Desktop, IDE clients) safestclaw mcp --transport sse --port 8770 safestclaw mcp --transport streamable-http --port 8770 # Security scanners (no AI; auto-detects what's installed) safestclaw security tools # show installed scanners + install hints safestclaw security scan ~/projects/myapp # run every available scanner safestclaw security bandit ~/projects/myapp # Python static analysis safestclaw security pip-audit # CVEs in installed Python deps safestclaw security semgrep ~/projects/myapp # multi-language SAST safestclaw security trivy ~/projects/myapp # filesystem vuln scan safestclaw security secrets ~/projects/myapp # detect-secrets safestclaw security gitleaks ~/projects/myapp # gitleaks # Setup wizard (prompts for AI mode, web UI, MCP) safestclaw setup # Initialize config safestclaw init ``` --- ## Configuration SafestClaw looks for configuration in `config/config.yaml`: ```yaml safestclaw: name: "SafestClaw" language: "en" timezone: "UTC" channels: cli: enabled: true webhook: enabled: true port: 8765 web: # localhost-only chat UI + JSON API enabled: false host: "127.0.0.1" # loopback-only, enforced at construction port: 8771 auth_token: "" # optional Bearer token telegram: enabled: false token: "YOUR_BOT_TOKEN" actions: shell: enabled: true sandboxed: true timeout: 30 files: enabled: true allowed_paths: - "~" calendar: # optional CalDAV sync caldav: url: "https://nextcloud.example.com/remote.php/dav" username: "you" password: "app-password" calendar: "personal" # optional β€” omit to merge all calendars plugins: fastmcp: # expose every action as an MCP tool enabled: false transport: "stdio" # stdio | sse | streamable-http host: "127.0.0.1" port: 8770 security: # deterministic security scanners allowed_paths: - "~" - "/tmp" timeout: 120 ``` --- ## Writing Style & Research Guide ### Writing Style Profiler SafestClaw learns how you write by analyzing text samples. It builds a statistical profile β€” no AI needed. ``` > style learn I've been thinking about this for a while. The tech industry loves to overcomplicate things. Simple solutions work better. Profile updated (1 sample analyzed). > style learn Here's what I learned from shipping 50 side projects: most of them failed. And that's completely fine! Profile updated (2 samples analyzed). > style profile Writing Style Profile (2 samples analyzed) Tone: casual, neutral Avg sentence: 7 words Vocabulary: advanced (richness: 72%) Structure: conversational Uses contractions, first person, em-dashes Favorite words: easier, simple, something, learn ``` Your profile persists across sessions and automatically shapes AI blog prompts so generated posts sound like you. **Commands:** | Command | Description | |---|---| | `style learn ` | Feed SafestClaw a writing sample | | `style profile` | View your current writing profile | ### Research Pipeline Two-phase research: gather first (free), then optionally analyze with AI. ``` > research WebAssembly performance Found 8 sources. Use 'research sources' to view. > research sources 1. [HN] WebAssembly 2.0 Performance Benchmarks (4 sentences) 2. [RSS] Wasm vs Native: A Deep Dive (3 sentences) ... > research select 1,2,5 Selected 3 sources for deep analysis. > research analyze [LLM analyzes your selected sources with structured output] ``` **Commands:** | Command | Description | |---|---| | `research ` | Search feeds & crawl for sources (no LLM) | | `research url ` | Add a specific URL as a source | | `research sources` | View gathered sources with summaries | | `research select 1,2,3` | Pick sources for deep analysis | | `research analyze` | LLM deep dive on selected sources | | `research results` | View analysis results | | `research help` | Show all research commands | ### Coding Toolbox Offline coding utilities plus optional LLM-powered features. ``` > code templates python-script, python-class, python-test, fastapi-endpoint, html-page, dockerfile, github-action > code template python-class UserAuth Authentication handler @dataclass class UserAuth: """Authentication handler""" ... > code stats src/ python β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ 19,348 lines (55 files) 100% > code regex \d{3}-\d{4} test 555-1234 \d β€” digit (0-9) Match: 555-1234 ``` **Commands:** | Command | Description | |---|---| | `code templates` | List all 7 available templates | | `code template [Name] [desc]` | Generate boilerplate code | | `code stats ` | Lines of code by language | | `code search ` | Regex search across code files | | `code read ` | Display file with syntax info | | `code diff ` | Compare two files | | `code regex [test]` | Test and explain regex patterns | | `code generate ` | LLM generates code (optional) | | `code explain ` | LLM explains code (optional) | | `code review ` | LLM finds bugs (optional) | | `code help` | Show all coding commands | ### Auto Blog Scheduler Schedule recurring blog generation with cron expressions. Source gathering and extractive summarisation are always deterministic; an optional LLM step can rewrite, expand, headline, or fully regenerate the post. ``` > auto blog setup [Interactive wizard] > auto blog add weekly-tech "0 9 * * 1" tech,ai Auto-blog 'weekly-tech' scheduled: 0 9 * * 1 > auto blog list weekly-tech: 0 9 * * 1 (tech, ai) > auto blog remove weekly-tech Removed. ``` Without LLM (the default): ```yaml auto_blogs: - name: "weekly-tech" cron_expr: "0 9 * * 1" source_categories: [tech, programming] post_template: "digest" auto_publish: false ``` With LLM enrichment (uses `ai_providers` and optionally `task_providers.blog`): ```yaml auto_blogs: - name: "weekly-tech-llm" cron_expr: "0 9 * * 1" source_categories: [tech] post_template: "digest" llm_enabled: true llm_mode: "rewrite" # rewrite | expand | headline | generate llm_provider: "" # blank = use task_providers.blog or active # llm_topic: "The week in ML" # only for llm_mode: generate # llm_system_prompt: "Be terse." # optional override ``` Modes: * **rewrite** β€” improve the deterministic draft's flow and readability * **expand** β€” add depth and examples to the deterministic draft * **headline** β€” keep the body, replace the title * **generate** β€” write a brand-new post from the gathered items as context If the LLM call fails (rate limit, network, no providers), the deterministic draft is published instead β€” the cron job never silently skips. ### Task-Aware Prompt Builder Each task type (blog, research, coding) gets optimized prompts. Configure per-task LLM providers: ```yaml task_providers: blog: "local-ollama" # Blog posts use local Ollama research: "openai" # Research uses OpenAI for quality coding: "local-lmstudio" # Code tasks use LM Studio ``` Run `show me the flow` to see the full architecture diagram. --- ## Blogging Guide SafestClaw has two blogging modes. You can use either or both. ### Mode 1: Deterministic Blog (No AI) Write entries manually, crawl websites for content, and let SafestClaw generate titles using extractive summarization (LexRank, TextRank, LSA, Luhn). No API keys, no cost, fully offline. **Setup:** None β€” works out of the box. ``` > write blog news We shipped faster crawling today. Added entry (1 total). > crawl https://example.com for title content Extracted 3 titles, added to draft. > blog title Generated: "Faster Crawling Ships Today" > publish blog Saved: 2026-02-24-faster-crawling-ships-today.txt ``` **Commands:** | Command | Description | |---|---| | `write blog news ` | Add a manual entry to your draft | | `crawl for title content` | Extract page headings into draft | | `crawl for body content` | Extract main body text into draft | | `crawl for non-title content` | Extract non-heading text into draft | | `blog title` | Generate a title using extractive summarization | | `show blog` | View your draft and published posts | | `edit blog ` | Replace draft content | | `publish blog` | Save as `.txt` locally | | `publish blog My Custom Title` | Save with a custom title | ### Mode 2: AI Blog (Optional) AI generates full blog posts from a topic. You can rewrite, expand, generate headlines, and produce SEO metadata. Supports 11 providers β€” 5 local (free) and 6 cloud (API key required). **Setup:** 1. **Choose a provider.** For free/private, use a local provider. For quality/speed, use a cloud provider. 2. **Configure it in `config/config.yaml`** under `ai_providers`. Uncomment and fill in one or more: **Local AI (free, private, no API key):** ```yaml ai_providers: # Ollama β€” easiest local option - label: "local-ollama" provider: "ollama" model: "llama3.1" endpoint: "http://localhost:11434/api/chat" # LM Studio β€” GUI app with model browser # - label: "local-lmstudio" # provider: "lm_studio" # model: "local-model" # endpoint: "http://localhost:1234/v1/chat/completions" # llama.cpp β€” high-performance C++ inference # - label: "local-llamacpp" # provider: "llamacpp" # model: "local-model" # endpoint: "http://localhost:8080/v1/chat/completions" # Jan β€” user-friendly desktop app # - label: "local-jan" # provider: "jan" # model: "llama3.1-8b" # endpoint: "http://localhost:1337/v1/chat/completions" ``` **Cloud AI (API key required):** ```yaml ai_providers: # OpenAI - label: "openai" provider: "openai" api_key: "sk-..." # https://platform.openai.com/api-keys model: "gpt-4o" # Anthropic (Claude) # - label: "anthropic" # provider: "anthropic" # api_key: "sk-ant-..." # https://console.anthropic.com/settings/keys # model: "claude-sonnet-4-20250514" # Google Gemini # - label: "google" # provider: "google" # api_key: "AI..." # https://aistudio.google.com/apikey # model: "gemini-1.5-flash" # Mistral # - label: "mistral" # provider: "mistral" # api_key: "..." # https://console.mistral.ai/api-keys # model: "mistral-large-latest" # Groq (fast inference) # - label: "groq" # provider: "groq" # api_key: "gsk_..." # https://console.groq.com/keys # model: "llama-3.1-70b-versatile" ``` 3. **Install the local AI server** (if using local): ```bash # Ollama (recommended β€” one command) curl -fsSL https://ollama.com/install.sh | sh ollama pull llama3.1 # LM Studio β€” download from https://lmstudio.ai # Jan β€” download from https://jan.ai # llama.cpp β€” git clone https://github.com/ggerganov/llama.cpp && make ``` 4. **Use it:** ``` > blog 1. AI Blog for You (Recommended) [ollama/llama3.1] 2. Manual Blogging (No AI) > 1 What should the blog post be about? > sustainable technology trends in 2026 AI-Generated Blog Post Provider: ollama/llama3.1 (847 tokens) --- [full article here] --- What would you like to do? edit blog - Replace with your edits ai rewrite blog - Have AI polish/rewrite it ai expand blog - Have AI make it longer publish blog - Save as .txt locally publish blog to wp://mysite.com u pass - Publish (shows preview first) publish blog to - Publish to configured target > publish blog to wp://mysite.com admin mypassword Ready to Publish Title: Sustainable Technology Trends in 2026 Words: 847 Target: wp-mysite.com Preview: The clean energy revolution is accelerating... ... [truncated] --- confirm - Publish now change title - Rename before publishing edit blog - Edit content first cancel - Abort > change title The Green Tech Surge: What's Coming in 2026 Title updated. Title: The Green Tech Surge: What's Coming in 2026 Target: wp-mysite.com Type confirm to publish or cancel to abort. > confirm Blog Published wp-mysite.com (wordpress): Post published successfully URL: https://mysite.com/the-green-tech-surge ``` **AI Commands:** | Command | Description | |---|---| | `blog` | Interactive menu β€” choose AI or manual | | `ai blog generate about ` | Generate a full blog post from a topic | | `ai rewrite blog` | Rewrite/polish your current draft | | `ai expand blog` | Expand short content into a longer article | | `ai headlines` | Generate 5 headline options for your draft | | `ai blog seo` | Generate SEO metadata (title, description, keywords, slug) | | `ai options` | Show local AI providers and install instructions | | `ai providers` | Show cloud AI providers and API key links | | `switch ai provider