feat: initial companion repo for OpenClaw vs Claude Code article

40 files demonstrating every major OpenClaw capability using Claude Code:
- 3 agents (researcher, writer, reviewer)
- 3 skills (daily-briefing, slack-message, web-research)
- 2 security hooks (pre-tool-use blocker, post-tool-use logger)
- 10 self-contained examples with copy-paste prompts
- Complete feature map (20 capabilities, 11 full match, 7 different, 2 gap)
- Security docs including NemoClaw comparison
- Automation, messaging, browser, memory documentation

Zero dependencies. Clone and run.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

security/nemoclaw-comparison.md

@@ -0,0 +1,86 @@
+# NemoClaw vs Claude Code Security
+
+An honest comparison of security architectures. NemoClaw is
+NVIDIA's enterprise layer on top of OpenClaw. Claude Code is
+Anthropic's agent platform. They solve security differently.
+
+## Architecture comparison
+
+### NemoClaw (4 security layers)
+
+| Layer | Mechanism | Enforcement |
+|-------|-----------|-------------|
+| Network | Block non-allowlisted outbound | Kernel (netns) |
+| Filesystem | Restrict to /sandbox and /tmp | Kernel (Landlock) |
+| Process | Block privilege escalation | Kernel (seccomp) |
+| Inference | Route API calls through gateway | Proxy |
+
+All enforcement is out-of-process. The agent cannot override its
+own constraints because they are enforced by the Linux kernel.
+
+### Claude Code (3 security layers)
+
+| Layer | Mechanism | Enforcement |
+|-------|-----------|-------------|
+| Permissions | Allow/deny lists, modes | Claude Code runtime |
+| Hooks | PreToolUse/PostToolUse scripts | Shell scripts |
+| Sandbox | macOS sandbox-exec | OS-level |
+
+Hooks run in-process (same machine) but as separate shell processes.
+The agent cannot modify hook scripts during execution because file
+writes can be restricted.
+
+## Where NemoClaw wins
+
+1. **Kernel-level isolation.** Landlock + seccomp + network namespaces
+   cannot be bypassed by the agent, period. Claude Code hooks can
+   theoretically be circumvented if permission mode is too permissive.
+
+2. **Enterprise compliance.** NemoClaw is designed for SOC2, audit
+   trails, OpenTelemetry integration. Claude Code has basic logging
+   via hooks but no compliance framework.
+
+3. **Multi-tenant safety.** NemoClaw sandboxes isolate agents from
+   each other. Claude Code agents share the host environment (worktree
+   isolation helps but is git-level, not OS-level).
+
+## Where Claude Code wins
+
+1. **Flexibility.** Hooks can contain any logic. NemoClaw policies
+   are declarative YAML with fixed categories. If you need custom
+   rules, Claude Code is easier to extend.
+
+2. **No infrastructure.** NemoClaw requires Docker, 4 vCPU, 8GB RAM,
+   a 2.4GB sandbox image. Claude Code hooks are bash scripts.
+
+3. **Speed.** No container startup. Hooks add milliseconds, not
+   seconds.
+
+4. **Ecosystem maturity.** Claude Code's permission model is
+   battle-tested across millions of sessions. NemoClaw is in early
+   alpha (announced March 2026).
+
+## Known vulnerabilities
+
+- **OpenClaw:** CVE-2026-25253 (CVSS 8.8) allowed remote code
+  execution through crafted skill files. 135K+ instances were
+  exposed before the patch.
+- **ClawHub:** Cisco research found 12% of community-submitted
+  skills contained malicious code (data exfiltration or prompt
+  injection payloads).
+- **Claude Code:** No known CVEs. The marketplace has a review
+  process, though its effectiveness varies.
+
+## Practical recommendation
+
+| Use case | Better choice |
+|----------|--------------|
+| Personal automation | Claude Code (simpler, no infra) |
+| Enterprise/multi-tenant | NemoClaw (kernel isolation) |
+| Compliance-required | NemoClaw (audit trails) |
+| Custom security rules | Claude Code (hook flexibility) |
+| Untrusted skill ecosystem | NemoClaw (sandbox) or Claude Code (review + hooks) |
+
+They are not mutually exclusive. You can use Claude Code for
+development work and OpenClaw+NemoClaw for always-on automation
+where stronger isolation matters.