PitchHut logo
Log in / Sign up
Local first. Policy-enforced. Memory that survives.
Preview url
Visit project
Pitch

OpenClaw had 30k exposed instances and 800 malicious skills. Summer Yue's agent deleted 200 emails after her safety instruction got compacted out of context. Zora was built against both. PolicyEngine enforces rules from a config file, not the conversation. Memory lives outside the context window. Skills are AST-scanned before installation. Locked by default.

Description

Zora is a local AI agent built with security and memory as first-class requirements, not afterthoughts. It runs on your computer, takes real actions, and remembers what it is doing between sessions without giving up control of your system.

Why it exists

OpenClaw went viral with 180k stars and immediately had 30,000 exposed instances, 800+ malicious skills delivering malware, and a CVSS 8.8 RCE vulnerability. Summer Yue, Meta's director of AI alignment, had an OpenClaw agent delete 200+ emails after her "wait for approval" instruction was compacted out of the context window. She told it to stop. It kept going.

These are architectural problems. Zora was built to not have them.

Secure by Design

Zora starts with zero system access. Nothing works until you explicitly grant it. Permissions live in ~/.zora/policy.toml, a config file loaded before every action, not injected into the conversation where it can be compacted away.

[filesystem]
allow = ["~/Projects", "~/.zora/workspace"]
deny  = ["~/.ssh", "~/.gnupg", "~/Library", "/"]

[shell]
allow = ["git", "ls", "rg", "node", "npm"]
deny  = ["sudo", "rm", "curl", "chmod"]

[budget]
max_actions_per_session = 100

Memory That Survives

Memory lives in ~/.zora/memory/ as plain local files, loaded fresh at the start of every session. It does not accumulate in the conversation window, where context compaction can erase it.

~/.zora/memory/
  preferences.md
  project-notes.md
  items/

Skill Security

Skills are scanned with AST analysis before anything executes. The scanner detects obfuscation, eval, data exfiltration patterns, curl-pipe-bash, hardcoded secrets, and dangerous tool declarations. Already-installed skills can be audited to catch anything dropped in manually.

zora-agent skill install my-skill.skill   # scanned before install
zora-agent skill audit                    # scan all installed skills

Audit Log

Every action is logged with command, path, and timestamp. Full trail, reviewable any time.

zora-agent audit
zora-agent audit --last 50

Multiple AI Providers

Works with Claude, Gemini, and Ollama. Automatic failover between providers. Uses your existing subscription, no API keys, no per-token charges.

Example Tasks

  • "Sort my Downloads folder by type and archive anything older than 30 days."
  • "Find all TODO comments in my project and create a summary."
  • "Draft a changelog from my last 10 commits."
  • "What changed in my repos this week?"
0 comments

No comments yet.

Sign in to be the first to comment.