⚠The team behind this tool is not publicly identified. Treat with extra caution — anonymous authorship is a significant trust risk.

nanobot

Name: nanobot (A-) — Security & Privacy Review
Item: nanobot
Rating: 4.2
Author: Limpid

Agent Orchestration

A-

Overall score: 4.2Reviewed April 15, 2026

A highly transparent, local-first research framework that offers strong privacy but requires manual hardening to mitigate recent RCE vulnerabilities.

Claim Accuracy5/5

Data & Privacy5/5

Security Posture3/5

Transparency4/5

›Developed and maintained by the Data Intelligence Lab at the University of Hong Kong (HKUDS).
›CVE-2026-33654 (CVSS 8.9) recently allowed remote code execution via unauthenticated email processing; patched in version 0.1.6.
›Supports kernel-level isolation on Linux systems using bubblewrap (bwrap) for shell command execution.
›Operates strictly locally with no telemetry or data collection, keeping logs and chat history on-device.
›Extremely minimal codebase (~4,000 LOC) under a permissive MIT license, facilitating thorough security auditing.