pynchy

agent
Security Audit
Passed
Health Passed
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 10 GitHub stars
Code Passed
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Passed
  • Permissions — No dangerous permissions requested
Purpose
This project is a modular, containerized personal AI assistant built on Anthropic's Agents SDK. It acts as an alternative to tools like OpenClaw, providing persistent memory, scheduled jobs, and integrations with external services like WhatsApp, Slack, and X (Twitter).

Security Assessment
Overall Risk: Medium. The tool explicitly leverages containers to provide process, filesystem, and network isolation for its agents. It also implements policy groups specifically designed to prevent lethal trifecta prompt injection attacks, which is a strong security-first mindset. However, the nature of the integrations requires access to highly sensitive data, such as WhatsApp linked devices, Slack tokens, and X credentials. Additionally, browser automation features expand the attack surface. The automated code scan passed cleanly with no dangerous patterns or hardcoded secrets found across its 12 files, and no dangerous permissions are requested.

Quality Assessment
The project is actively maintained, with its most recent push occurring today. It is licensed under the permissive and standard MIT license. However, it is still a very small project with only 10 GitHub stars, meaning community trust and widespread testing are currently limited.

Verdict
Use with caution: the architecture shows excellent security considerations for an agent framework, but developers should carefully evaluate the inherent risks of connecting it to their primary messaging and social media accounts.
SUMMARY

A modular alternative to Clawdbot / OpenClaw that runs in containers for security. Connects to WhatsApp, has memory, scheduled jobs, and runs directly on Anthropic's Agents SDK.

README.md

Pynchy

🦞 Pynchy (pronounced "Pinchy") — A personal AI assistant like OpenClaw done right. Security first, modular, written in Python.

Why Pynchy?

Everyone is writing their own AI assistant. Why write another one? Mainly because I wanted something written in Python — that's what I'm most comfortable with.

Comparison to Related Projects

  • ZeroClaw looks great actually, but I don't know how to write in Rust.
  • Happy looks great, but ultimately is a remote terminal to Claude Code. I want to add my own security features. Also, I am not fluent in TypeScript.
  • NanoClaw is too minimalist.
  • OpenClaw is a massive pile of overcooked spaghetti code. Ain't no way I'm running that security nightmare on my machine.
  • pi mono is a less crazy project, which OpenClaw built on top of. It doesn't have the security features I want.

Features

  • Agents run in containers, with process, filesystem, and network isolation.
  • Built-in plugins ship with the monorepo; third-party plugins are discoverable via Python entry points.
  • Uses LiteLLM as the LLM gateway, which gives you a bunch of features out of the box:
    • Automatic load balancing across APIs, to soak up your various allowances from different providers.
    • Access to 100+ LLM providers
    • Cost tracking and budget management.
    • Rate limiting
    • MCP gateway — manages external MCP tool servers with per-workspace access control and on-demand Docker lifecycle.
    • (see the LiteLLM docs for more details)
  • Eight types of plugins — agent cores, skills, channels, service handlers, container runtimes, workspaces, observers, and tunnels.
  • Persistent memory with BM25-ranked full-text search — agents save and recall facts across sessions.
  • Recurring tasks scheduled at specific times or intervals.
  • Policy groups to prevent lethal trifecta prompt injection attacks.

Integrations

Built-in plugins provide integrations with external services, and they're all pluggable — see plugin authoring to add your own.

| Integration | What it does |
|---|---|
| WhatsApp | Messaging channel via linked device |
| Slack | Messaging channel with browser-based token extraction |
| X (Twitter) | Post, like, reply, retweet, and quote via browser automation |
| CalDAV | Calendar access (Nextcloud, etc.) — list, create, delete events |
| Jupyter Notebooks | Per-workspace notebook server with MCP tools |
| Google Drive | File access via OAuth2 MCP server |

Getting Started

See the installation guide.

Documentation

Full documentation at pynchy.ricardodecal.com.

| Section | What it covers |
|---|---|
| Usage | Day-to-day operation, groups, scheduled tasks |
| Plugin authoring | Writing plugins: channels, skills, MCP servers |
| Architecture & Design | Container isolation, message routing, IPC, security |
| Contributing | How to contribute — plugins, fixes, docs, and more |

FAQ

What messaging channels are supported?
WhatsApp and Slack have first-party plugins. Channels are pluggable — write a plugin to add new ones.

Why Apple Container instead of Docker?
On macOS, Apple Container is lightweight and optimized for Apple silicon. Docker works too and is used as a fallback. On Linux, Docker is the only option.

Is this secure?
Agents run in containers, not behind application-level permission checks. They can only access explicitly mounted directories. See the security model for details.

How do I debug issues?
Ask Pynchy. "Why isn't the scheduler running?" "What's in the recent logs?"

Credits

Huge thanks to NanoClaw. Pynchy started as a Python port of NanoClaw.

License

MIT
