- Optional Docker-based isolation for tool execution; Gateway stays on host.
- Modes:
off|non-main|all. - Scope:
session|agent|shared(containers). - workspaceAccess:
none|ro|rw(sandbox workspace vs agent workspace). - Default image:
openclaw-sandbox:bookworm-slim; build withscripts/sandbox-setup.sh.
See: Sandboxing
tools.allow/tools.deny; per-agentagents.list[].tools; sandbox tool policy (tools.sandbox.tools). Deny wins.- Elevated exec runs on host and bypasses sandbox.