⚠The team behind this tool is not publicly identified. Treat with extra caution — anonymous authorship is a significant trust risk.
ZeroClaw
Agent Runtime
B
Overall score: 3.8Reviewed April 17, 2026
ZeroClaw’s local-first architecture and active security hardening are genuinely strong, but the complete absence of a Privacy Policy, Terms of Service, and verifiable legal entity means there is no contractual baseline for teams who need one before deployment.
Score Summary
Claim Accuracy4/5
Data & Privacy4/5
Security Posture4/5
Transparency3/5
Key Findings
›No Privacy Policy or Terms of Service could be found on the official website (zeroclawlabs.ai) or in the repository; the website returned only a tagline during fetching, with no legal documents linked — source: https://www.zeroclawlabs.ai/ (fetch) and https://github.com/zeroclaw-labs/zeroclaw (README, no ToS/PP links).
›ZeroClaw is dual-licensed MIT and Apache-2.0; contributors automatically grant rights under both licences via a CLA — source: https://github.com/zeroclaw-labs/zeroclaw/blob/master/LICENSE-APACHE and LICENSE-MIT. Apache 2.0 includes a patent grant, which is relevant for commercial deployers.
›No verifiable registered legal entity for ZeroClaw Labs was found; the trademark is claimed (‘trademarks of ZeroClaw Labs’) but no incorporation record or registered company was locatable — source: https://github.com/zeroclaw-labs/zeroclaw (README).
›Active impersonation ecosystem: the project warns users against zeroclaw.org, zeroclaw.net, and the openagen/zeroclaw fork, all of which impersonate the official project; binary supply-chain risk is elevated — source: https://github.com/zeroclaw-labs/zeroclaw (README announcements).
›An open S1-severity bug (issue #3999) documents that security prompts are not displayed and tool execution is bypassed when using local Ollama models, which is a functional gap against the project’s ‘security-first’ positioning — source: https://github.com/zeroclaw-labs/zeroclaw/issues/3999.