Hardening Guide

Docker Sandboxing

When agents.defaults.sandbox is enabled, non-main sessions run tools inside Docker containers.

🐳

Scope

scope: "agent" (default) or "session"

📁

Workspace

workspaceAccess: "none" (default) or "ro"

🔒

Hardening

network: "none", capDrop: ["ALL"]

Sandbox Config

{ "agents": { "defaults": { "sandbox": { "mode": "non-main", "scope": "agent", "workspaceAccess": "none", "docker": { "image": "openclaw-sandbox:bookworm-slim", "network": "none", "capDrop": ["ALL"], "memory": "1g", "memorySwap": "2g", "cpus": 1 } } } } }

Default Tools

Allowed: exec, process, read, write, edit, sessions_*, session_status

Denied: browser, canvas, nodes, cron, discord, gateway