This article is remarkably light on the deal with Docker; it's basically just mentioned in passing:
> Now, on Friday, Cohen announced a deal with Docker — the company that essentially invented the container technology NanoClaw is built on, and counts millions of developers and nearly 80,000 enterprise customers — to integrate Docker Sandboxes into NanoClaw.
Relevant link: https://nanoclaw.dev/blog/nanoclaw-docker-sandboxes
So I am late to the party on this; I can ABSOLUTELY see what would fuel a 48 hr code binge. I would be LIVID if a package I downloaded did such a bulk pull from my WhatsApp, and even further enraged if I found a bulk of packages integrated that led me to believe security was never a single thought.
Future innovators, don't take security for granted; someone who cares will eat your lunch.
"In researching a hiccup with performance, he stumbled across a file where the OpenClaw agent had downloaded all of his WhatsApp messages and stored them in plain, unencrypted text on his computer. Not just the work-related messages it was given explicit access to, but all of them, his personal messages too."
Now the agent can do the same thing, but it's in a container and it's doing it with a Rust binary, so you know it's safe. /s
Edit: It's not Rust.
"The stronger boundary protects the machine while the agent is coding, testing and improvising. It does not protect the rest of the world from the permissions you have already granted. A better-isolated runtime will not stop the bot from spraying outbound messages, sending a stupid email, or otherwise turning your authority into a minor public nuisance."
from:
https://entropytown.com/articles/2026-03-12-openclaw-sandbox...
Plus, any idea why not Podman or Firecracker?