OpenClaw Wiki

OpenClaw Introduces Sandboxing for Agents

OpenClaw developers have announced a significant security enhancement that fundamentally changes the platform's security concept. With the introduction of NemoClaw and OpenShell sandboxing, agents can now be executed in isolation, with logging and kill capabilities.

Problem Solved: The "Agent-as-browser" Dilemma

Previously, the problem existed that agents ran in the same environment as the browser or application, which posed security risks. The new sandboxing concept executes agents in an isolated environment, significantly reducing the risk of security vulnerabilities.

Easy Setup via Docker

According to the developers, the implementation of the new security concept is particularly user-friendly. With just one Docker command, users can start the sandbox environment. This underscores OpenClaw's claim to promote security not through complexity but through simplicity.

NemoClaw and OpenShell in Detail

NemoClaw serves as the core component of the sandboxing system and ensures the isolation of agents. OpenShell complements this with logging functions and the ability to stop or terminate agents when needed. This combination enables transparent monitoring and control of agent activities.

Security as Priority

With the hashtag #SecurityFirst, OpenClaw emphasizes the importance of this development. The sandbox environment ensures that potentially harmful actions by agents have no impact on the host system. This is particularly important for enterprise users who process sensitive data.

Outlook

The developers announced that this is only the first step. Future updates could bring additional security features and improvements. For users, this means they are investing in a platform that understands security as a continuous process.

The new sandbox function is now available and can be used by all OpenClaw users who have Docker installed on their system.