Get Started

Install Moltis and start your AI assistant in minutes

~ quickstart

$ curl -fsSL https://www.moltis.org/install.sh | sh

Supported Platforms

Pre-built releases

macOS

Apple Silicon & Intel

Linux

x86_64 & ARM64

Windows

x86_64

Install with one command, or pick a release artifact for your platform from GitHub Releases.

Try it in the cloud

Ready in under a minute

Cloud is a great way to try Moltis. For the full experience, run it on your Mac, a VM, or any dedicated host.

Deploy on DigitalOcean

Fly.io

Need setup details? See Cloud Deploy docs.

Features

Everything you need in one binary

Single Binary

One self-contained binary. No runtime dependencies, just download and run.

Local LLMs

Run your own models locally. Automatic download and setup included.

Authentication

HTTPS by default. Password, token, and passkeys access.

Sandboxed Browsing

Run browser sessions in isolated Docker containers for safer automation.

SSRF Protected

Blocks loopback, private, and link-local IPs from LLM fetch.

Streaming-first

First token appears instantly. Smooth replies, even during long runs.

Skills, Hooks & MCP

Plugins, hooks, MCP tool servers with OAuth 2.1. Stdio or HTTP/SSE, auto-restart.

FS or Sandbox

Full filesystem or per-session Docker, Podman, Apple Container, or WASM isolation.

Long-term Memory

Hybrid vector + full-text search. Your agent remembers context.

Pi-Inspired Self-Extension

Pi-inspired self-extension: creates its own skills at runtime. Session branching, hot-reload.

Multi-Channel

Web UI, Telegram, WhatsApp, Discord, Teams, or API. One agent, every frontend.

Voice

Talk to your assistant with multiple cloud and local TTS/STT providers.

OpenClaw Import

New

Full read-only import of your OpenClaw workspace — conversations, skills, and settings. Switch in one click.

Multi-Agent Personas

Create multiple agent personas with distinct personalities and capabilities. Full CRUD management UI.

Encryption Vault

Encryption-at-rest vault for API keys and secrets. Your credentials are encrypted on disk, not just in memory.

iOS Companion

Soon

Native iOS app with push notifications via APNS relay. Coming soon to the App Store.

GraphQL API

Full GraphQL API exposing all RPC methods. Build your own integrations and frontends.

Internationalization

Full i18n support. Ten locales are built in today.

And much more...

Security

✓ Passkeys (WebAuthn)
✓ Scoped API keys
✓ Encryption-at-rest vault
✓ Secrets zeroed on drop
✓ Human-in-the-loop approval
✓ Origin validation (CSWSH)
✓ No unsafe code

LLM Providers

✓ Anthropic, OpenAI, Gemini
✓ DeepSeek, Mistral, Groq, xAI
✓ OpenRouter, Ollama, Local LLM
✓ Custom OpenAI-compatible endpoints
✓ Provider fallback chains
✓ Per-provider metrics

Memory

✓ Hybrid search (vector + FTS)
✓ Local embeddings (GGUF)
✓ OpenAI batch API (50% off)
✓ Embedding cache
✓ File watching / live sync
✓ Session export

Extensibility

✓ MCP server support
✓ GraphQL API
✓ CalDAV calendar integration
✓ Hook system (lifecycle)
✓ Cron job scheduling
✓ i18n (10 locales)
✓ OpenClaw import
✓ TOML configuration

Observability

✓ Prometheus metrics
✓ OpenTelemetry tracing
✓ Structured logging
✓ Per-provider charts
✓ SQLite persistence
✓ Real-time WebSocket

Security-first design

An AI assistant you can trust on your machine

Why should you trust it?

Moltis is one file. You download it, you run it, done. There's no plugin store, no package manager, no runtime that could be compromised. The entire application is a single binary you can verify.

Your AI runs in a sandbox by default. It can't read your files, run commands, or browse the web unless you explicitly allow it. Every tool action can require your approval — or you can pre-approve specific ones you trust.

Your passwords and API keys are wrapped so they can never be accidentally logged, and the memory is zeroed the moment they're no longer needed. The language it's built in (Rust) makes entire classes of security bugs impossible at the compiler level.

What you won't find here

No plugin marketplace to get compromised. No JavaScript runtime. No dependency tree of 1,200 packages you can't review. One binary you can audit end to end.

How we protect you

What if...	How Moltis handles it
Someone finds your instance	Password or passkey required from first launch, automatic HTTPS, rate limiting
AI tries to run dangerous code	Everything runs in a sandbox (Docker or Apple Container). Each action needs your approval first
A dependency gets compromised	There are no npm/pip packages to compromise. One binary, auditable dependencies. Integrations like Telegram are built-in, tested code
AI accesses your internal network	Internal and private network addresses are automatically blocked
Someone tries to steal your keys	API keys and passwords are hidden from logs and zeroed in memory after use
Session gets hijacked	Origin checking prevents cross-site attacks, HTTPS enabled by default
Unauthorized access	Passkeys, scoped API keys, per-tool permission policies

Sandboxed execution

Docker & Podman

Each conversation gets its own isolated container. Shell commands and web browsing happen inside the sandbox, not on your real system.

Apple Containers

On Mac, uses Apple's built-in virtualization for lightweight isolation — no Docker needed.

WASM sandbox

Wasmtime-based sandbox with generic failover. Lightweight isolation without containers.

Fully open source

unsafe in core*

npm dependencies

~5K

LoC agent core

~150K

lines of Rust (full)

85%

files with tests

MIT

license

*2 unsafe impl Send/Sync exist for the llama.cpp FFI wrapper, only compiled with the optional local-llm feature.

How Moltis compares

Open-source AI assistants you can self-host

At a glance

	OpenClaw	NanoClaw	ZeroClaw	Moltis
Language	TypeScript	TypeScript	Rust	Rust
Runtime	Node.js + npm	Node.js	Single binary	Single binary
Sandbox	App-level	Docker	Docker	Docker/Podman + Apple + WASM
Auth	Basic password	None	Token + OAuth	Password + Passkey + API keys
Voice	Plugin	—	—	Built-in (15+ providers)
MCP	Via plugin	—	—	Yes (stdio + HTTP/SSE)
Memory / RAG	Plugin	Per-group files	SQLite + FTS	SQLite + FTS + vector
Hooks	Limited	—	—	15 event types
Channels	Web, Telegram	Web, Telegram	Web, Discord	Web, Telegram, WhatsApp, Discord, Teams
API	REST	REST	REST + gRPC	JSON-RPC + GraphQL
OpenClaw import	—	—	—	Full (read-only, safe)

Security comparison

	OpenClaw	NanoClaw	ZeroClaw	Moltis
Code sandbox	App-level	Docker	Docker	Docker/Podman + Apple + WASM
Secret handling	Env variables	Env variables	Encrypted profiles	Encrypted vault, redacted, zeroed
SSRF protection	Plugin	—	DNS validation	Blocks loopback/private/CGNAT
WebSocket origin	—	—	—	Cross-origin rejection
Hook gating	—	—	Skills-based	Inspect / modify / block
Rate limiting	—	—	—	Per-IP throttle + login limits

Performance

	OpenClaw	NanoClaw	ZeroClaw	Moltis
Dist size	~28 MB (node_modules)	Small	3.4 MB	44 MB
Cold start	>30s	Fast	<10ms	~1s
RAM (idle)	>100 MB	Low	<5 MB	~30 MB
Min hardware	Modern desktop	Any	$10 SBC	Raspberry Pi 4+

Moltis is larger because it bundles a web UI, voice engine, browser automation, and MCP runtime. ZeroClaw is smaller but lacks these features.

Based on publicly available information. Projects evolve quickly — check each repo for the latest. Full comparison in the docs.

A Rust-native claw you can trust

Secure by design

Your hardware

Full-featured