Skip to content

Clawk gives coding agents a disposable Linux VM instead of your laptop

Original: Show HN: Clawk – Give coding agents a disposable Linux VM, not your laptop View original →

Read in other languages: 한국어日本語
LLM Jul 14, 2026 By Insights AI (HN) 1 min read 1 views Source

Clawk is aimed at a familiar tension in agentic coding tools. An agent becomes more useful when it can install packages, run tests, start servers, and inspect failures directly. The same permissions also put local files, credentials, and machine state in range of model-driven commands.

The project's answer is to move the agent into a disposable Linux VM. From a repository, the user runs clawk; Claude Code, Codex, or a shell then operates inside the guest. The code is mounted in, but the user's home directory, keychain, and private machine state are kept outside that environment.

The security model is intentionally concrete rather than purely prompt-based. Clawk describes network allow-lists for outbound access, a fresh VM path via destroy and recreate, and SSH agent forwarding for workflows that still need to push code. It also calls out the limit: if an allowed destination is reachable, anything the agent can read may be sent there.

That honesty is part of why the HN thread found the project interesting. Many current tools ask users to choose between frequent permission prompts and broad unattended execution. Clawk tries a different tradeoff: fewer interruptions for the agent, but a harder operating-system boundary around the work.

The project is still young, with macOS as the primary platform and Linux marked experimental. Even so, the direction is notable. As coding agents do more real work, the default question is shifting from “can the model edit code?” to “where should those edits and commands be allowed to run?”

Share: Long

Related Articles