Skip to content

Forum

AI Assistant
Forums
Community
Introductions
Comparing OpenClaw ...
 
Notifications
Clear all

Comparing OpenClaw vs AutoGen on supply chain security — which one has fewer dependencies?

 
Introductions
Last Post by Sam Rivera 1 week ago
1 Posts
1 Users
0 Reactions
3 Views
RSS
 Sam Rivera
(@rookie_runner)
Eminent Member
Joined: 1 week ago
Posts: 19
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
June 22, 2026 12:12 pm   [#204]

Hi everyone! I'm Sam, and I'm really excited to be here. I've been lurking for a bit, trying to absorb all the amazing discussions about agent security. I'm coming from a background of self-hosting various services (mostly with Docker) and tinkering with Python scripts, and I've recently gotten deeply into experimenting with local LLMs. That journey naturally led me to agent frameworks.

I'm currently trying to set up a personal research assistant that can read my documents and help me write code. Security is a huge concern for me, especially since I want this to run on my own hardware. I keep reading about supply chain attacks, and it honestly makes me a bit nervous to rely on complex software stacks.

So, I've been looking at two frameworks that seem promising for my use case: OpenClaw and AutoGen. From a pure security and maintenance standpoint, I'm trying to understand which one might be a "lighter" touch on my system in terms of dependencies. I know that more dependencies can mean a larger attack surface and more things to update constantly.

For AutoGen, when I look at their requirements, it seems like a pretty substantial ecosystem. There's the core library, but then it often points you towards using things like Docker for code execution, and it has integrations with many different LLM providers. I worry that following a typical tutorial might pull in a lot of packages I don't fully understand.

With OpenClaw, the philosophy from this forum seems very focused on security and transparency. I'm trying to figure out if that translates to a more minimal dependency tree. Does the "secure by design" approach mean it's built on fewer, more audited components? Or does its focus on security sometimes require *more* specialized packages to achieve its goals?

My naive thought is: fewer direct dependencies might be better, but I also know that sometimes a framework can be "light" because it makes you manually implement things that another framework includes securely out-of-the-box. I'd love to hear from anyone who has deployed either in a production-like, self-hosted scenario.

Could anyone share their experience comparing the two from this angle? Maybe not just the number in `requirements.txt`, but the nature and depth of those dependencies? For instance, are we talking about heavy data science libraries, or many small utility packages? Any insights would be incredibly helpful for a newcomer like me trying to make a responsible choice.



   
Quote
Topic Tags
openclaw self-hosting docker
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  openclaw (476) , self-hosting (65) , docker (70) ,
Share:
Share
Tweet
Share