hiclaw

HiClaw is an open-source Collaborative Multi-Agent OS that coordinates multiple agent “Workers” via a “Manager” agent, using Matrix rooms for transparent human-in-the-loop task coordination. It includes a local/self-hosted Matrix server (Element Web + Matrix backend), a MinIO-backed shared filesystem for inter-agent exchange, and a Higress AI Gateway for proxying/isolating real credentials (workers use consumer tokens).

Evaluated Mar 29, 2026 (0d ago)
Homepage ↗ Repo ↗ Automation ai-ml automation messaging devtools infrastructure multi-agent matrix mcp
⚙ Agent Friendliness
40
/ 100
Can an agent use this?
🔒 Security
62
/ 100
Is it safe for agents?
⚡ Reliability
31
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
55
Documentation
65
Error Messages
0
Auth Simplicity
75
Rate Limits
20

🔒 Security

TLS Enforcement
70
Auth Strength
75
Scope Granularity
30
Dep. Hygiene
40
Secret Handling
85

README claims worker agents use only consumer tokens while real credentials (API keys, GitHub PATs) remain in the Higress AI Gateway. This is a strong credential isolation story, but the provided content does not detail scope granularity, token lifetimes, revocation, audit logging, or how TLS is enforced in all modes (local vs external). Also no dependency/SBOM/CVE hygiene details are provided.

⚡ Reliability

Uptime/SLA
0
Version Stability
55
Breaking Changes
40
Error Recovery
30
AF Security Reliability

Best When

You want a self-hosted, observable multi-agent workspace where humans can monitor and intervene in real time, and where credential isolation between coordinator and workers is important.

Avoid When

You need a minimal REST/GraphQL/SDK API for programmatic access, or you cannot operate a Matrix server plus supporting infrastructure (MinIO, gateway containers).

Use Cases

  • Human-in-the-loop multi-agent task execution with visible conversation history (Matrix rooms)
  • Coordinating specialized agents for coding, planning, and tool-using workflows
  • Self-hosted agent team collaboration without exposing real provider credentials to workers
  • Integrating external MCP tools safely through a credential-handling gateway

Not For

  • A lightweight, single-process chatbot (it is an orchestrated multi-container system)
  • Apps that require a simple public hosted API service (this is primarily self-hosted)
  • Environments that cannot run Docker/Matrix or want only a REST/SDK integration surface

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: Login to the bundled Matrix server (Element IM client) Worker access via gateway-issued consumer tokens (real credentials stay in the gateway)
OAuth: No Scopes: No

Documentation emphasizes that workers do not hold real API keys/PATs and use consumer tokens mediated by the Higress AI Gateway. Specific token format/scope model is not detailed in the provided README.

Pricing

Free tier: No
Requires CC: No

Open-source project; pricing for hosted components is not described in the provided content.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • This system is chat/room-driven; programmatic agent integration may require understanding the Matrix workflow rather than a clean API surface.
  • Credential isolation relies on gateway behavior; agent operators should ensure the gateway configuration correctly prevents real credential exposure to workers.

Alternatives

OpenClaw (native multi-agent runtime without the additional Matrix/gateway orchestration layer) LangGraph / LangChain agent orchestrations (different tradeoff: typically less room-based human-in-the-loop visibility) CrewAI/AutoGen-style agent frameworks (often different UX and credential isolation model) Self-managed Matrix + custom agent orchestration (build your own manager/worker workflow)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for hiclaw.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-29.

5365
Packages Evaluated
21038
Need Evaluation
586
Need Re-evaluation
Community Powered