The post-OpenClaw-crisis baseline. A sandboxed tool runs in a Docker container, gVisor sandbox, Apple container, or Workers runtime — with explicit allowlists for filesystem paths, network destinations and resource limits. Default-on in Hermes Agent, IronClaw and OpenClaw 2026.4+. Default-off in Nanobot (deliberately minimal).
Related terms
Found a definition that's wrong, dated or could be sharper? Email us — we update with attribution unless you'd rather we didn't.