Sandbox Overview
OpenClaw's sandbox system provides a secure execution environment for AI-generated code. Code runs in isolated containers to prevent malicious code from affecting the host system.
Enable the Sandbox
openclaw sandbox enable
Prerequisites:
- Docker (recommended) or gVisor
- Sufficient system resources
Sandbox Status
openclaw sandbox status
Sandbox Status:
Engine: Docker
Status: Running
Container: openclaw-sandbox
Runtime: node, python, bash
Memory limit: 256MB
CPU limit: 1 core
Timeout: 30s
Executions today: 45
Errors today: 2
Configure the Sandbox
{
"sandbox": {
"enabled": true,
"engine": "docker",
"image": "openclaw/sandbox:latest",
"limits": {
"memory": "256m",
"cpu": "1.0",
"timeout": 30000,
"maxOutputSize": "1mb",
"maxFileSize": "10mb",
"networkAccess": false
},
"runtimes": ["node", "python", "bash"],
"blockedModules": ["os", "subprocess", "shutil"],
"tempDir": "/tmp/openclaw-sandbox"
}
}
Execute Code Manually
# Execute Python
openclaw sandbox exec --lang python "print('Hello, World!')"
# Execute JavaScript
openclaw sandbox exec --lang node "console.log('Hello!')"
# Execute from a file
openclaw sandbox exec --lang python --file script.py
Manage Sandbox Instances
# Restart the sandbox container
openclaw sandbox restart
# Stop the sandbox
openclaw sandbox stop
# Clean up temporary files
openclaw sandbox cleanup
# Update the sandbox image
openclaw sandbox update
Runtime Management
# View available runtimes
openclaw sandbox runtimes
# Add a runtime
openclaw sandbox add-runtime ruby
# Remove a runtime
openclaw sandbox remove-runtime ruby
Available Runtimes:
python 3.11 ✓ Installed
node 20.11 ✓ Installed
bash 5.2 ✓ Installed
ruby 3.3 ✗ Not installed
go 1.22 ✗ Not installed
Security Configuration
Network Isolation
{
"sandbox": {
"limits": {
"networkAccess": false
}
}
}
Network access is disabled by default. To allow specific requests:
{
"sandbox": {
"network": {
"enabled": true,
"allowedDomains": ["api.example.com"],
"blockedPorts": [22, 25, 3306]
}
}
}
Filesystem Restrictions
{
"sandbox": {
"filesystem": {
"readOnly": false,
"allowedPaths": ["/tmp"],
"maxFiles": 10,
"maxFileSize": "10mb"
}
}
}
Blocking Dangerous Operations
{
"sandbox": {
"blockedSyscalls": ["fork", "exec", "socket"],
"blockedModules": {
"python": ["os", "subprocess", "socket", "ctypes"],
"node": ["child_process", "fs", "net", "cluster"]
}
}
}
View Execution Logs
openclaw sandbox logs
openclaw sandbox logs --last 20
openclaw sandbox logs --errors
Execution Log:
[2026-03-19 10:30:01] python ✓ Success 150ms user001
[2026-03-19 10:28:15] node ✓ Success 80ms user002
[2026-03-19 10:25:33] python ✗ Timeout 30000ms user003
[2026-03-19 10:20:01] bash ✗ Blocked 0ms user001 (os module)
Resource Monitoring
openclaw sandbox monitor
Sandbox Resource Usage:
Memory: 45MB / 256MB (17%)
CPU: 12% average
Disk: 150MB temp files
Active executions: 2
Queue: 0
Enable Code Execution for a Channel
{
"channels": {
"discord-dev": {
"tools": ["code_exec"],
"sandbox": {
"allowedLanguages": ["python", "node"],
"maxExecutionsPerMinute": 5
}
}
}
}
Summary
The sandbox system is the security foundation for OpenClaw's code execution feature. Through strict resource limits, network isolation, and module blocklists, it ensures AI-generated code cannot harm the host system. Using the Docker engine for the sandbox is recommended in production environments.