For what it's worth, I built an alternative specifically because of the ToS risk. GhostClaw uses proper API keys stored in an AES-256-GCM + Argon2id encrypted vault - no OAuth session tokens, no subscription credentials, no middleman. Skills are signed with Ed25519 before execution. Code runs in a Landlock + seccomp kernel sandbox. If your key gets compromised you rotate it; if a session token gets compromised in someone else's app you might not even know.
It's open source, one Rust binary, ~6MB. https://github.com/Patrickschell609/ghostclaw