4 points by CuriouslyC 6 hours ago | 1 comment
  • CuriouslyC 6 hours ago
    I created Smith to provide a claw-style system designed around secure multi-user deployments. Smith has prompt injection mitigation techniques built in, provides a policy-gated tool gateway, and uses Postgres row-level security to isolate user/agent interactions.

    Smith also comes with some significant usability improvements:

    * Postgres-based session storage that the agent can query with full-text search. This enables agents to introspect their own work, provides episodic memory and simplifies evals.

    * An Obsidian-like knowledge-base memory system, also full-text searchable. I'm considering writing an Obsidian plugin to simplify introspection of Agent notes.

    * Secure multi-system management. Hosts are exposed as gateway tools via an agent interaction daemon (agentd) with a pluggable isolation layer so you can use whatever sandbox you prefer. Gondolin is the default on macOS.

    * First-class policy support out of the box with conversational configuration. Admin users can define who can do what by chatting with the agent, and changes are hot-reloaded.

    Like OpenClaw, Smith is built on the Pi agent harness (if it ain't broke, don't fix it).

    The architecture of Smith broadly agrees with the best practices defined in https://www.ibm.com/downloads/documents/us-en/1443d5dd174f42.... It's important to note that this release is intended as a modular base to simplify secure agent deployment for professionals, and its ultimate security still hinges on proper configuration and use.