
Network Policies

MemantoClaw runs with a deny-by-default network policy: the sandbox can only reach endpoints that are explicitly allowed. Any request to an unlisted destination is intercepted by OpenShell and held for operator approval instead of being let through.

Baseline Policy

The baseline policy is defined in memantoclaw-blueprint/policies/openclaw-sandbox.yaml.
  • Filesystem: /sandbox, /tmp and /dev/null are read-write; /usr, /lib, /proc, /app and /etc are read-only.
  • Network: only listed endpoints, such as openclaw.ai:443, docs.openclaw.ai:443 and registry.npmjs.org:443, are allowed.
  • Inference: only the local inference route is allowed.
Note: GitHub access is not included by default. Apply the github preset if needed.

Operator Approval Flow

When the agent attempts to reach an endpoint that is not in the policy, OpenShell holds the request and prompts the operator in the TUI.
  1. Open the TUI: openshell term
  2. Trigger a blocked request (the agent tries to reach an unknown host).
  3. The TUI displays the Host, Port, Binary, and HTTP method of the request.
  4. Approve to add the endpoint for the current session, or Deny to keep it blocked.
Approved endpoints remain allowed only for the current session; they are not written to the baseline policy file. To make an endpoint permanent, add it to the policy file instead.

Customize the Sandbox Network Policy

Static Changes

Edit memantoclaw-blueprint/policies/openclaw-sandbox.yaml. Each entry defines endpoints (host and port), binaries, and rules (HTTP methods). After editing, apply the change by re-running:
memantoclaw onboard

Dynamic Changes

Create a YAML policy file and apply it to a running sandbox instantly:
openshell policy set <policy-file>

Policy Presets

MemantoClaw ships preset policy files for common integrations (e.g., github, npm, pypi, discord, slack). To apply a preset to a running sandbox:
openshell policy set memantoclaw-blueprint/policies/presets/pypi.yaml
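
The three layers of allow-listing described on this page (the baseline file, dynamic policy sets such as presets, and session approvals from the TUI) modelled in a small Python example. This is an added illustration, not OpenShell or MemantoClaw code, and it does not reproduce the real policy YAML schema. The `Endpoint`, `Request` and `SandboxPolicy` names, exact host:port matching, the sample requests, and the assumption that dynamic policy sets are dropped together with session approvals when the sandbox is re-onboarded are all the example's own.

```python
"""Toy model of a deny-by-default egress policy with session-scoped approvals.

Added example, not OpenShell/MemantoClaw code. It does not use the real policy
YAML schema; endpoints are written in the page's own host:port notation.
Assumptions: matching is an exact host:port comparison, and re-onboarding
rebuilds the policy from the baseline file alone.
"""
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int


def parse_endpoints(spec: str) -> set[Endpoint]:
    """Parse 'host:port, host:port' into Endpoint objects, rejecting bad ports."""
    out: set[Endpoint] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        host, _, port = item.rpartition(":")
        if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad endpoint spec: {item!r}")
        out.add(Endpoint(host.lower(), int(port)))
    return out


@dataclass
class Request:
    host: str
    port: int
    binary: str   # the TUI shows Host, Port, Binary and HTTP method
    method: str


@dataclass
class SandboxPolicy:
    baseline: set[Endpoint]                                # from the baseline policy file
    dynamic: set[Endpoint] = field(default_factory=set)    # applied with `openshell policy set`
    session: set[Endpoint] = field(default_factory=set)    # operator approvals in the TUI

    def is_allowed(self, ep: Endpoint) -> bool:
        return ep in self.baseline or ep in self.dynamic or ep in self.session

    def apply_policy_set(self, endpoints: set[Endpoint]) -> None:
        """Dynamic change: extend the running sandbox without touching the file."""
        self.dynamic |= endpoints

    def evaluate(self, req: Request, operator: Callable[[Request], bool]) -> str:
        """Return 'allowed', 'approved' or 'denied'. `operator` stands in for the TUI prompt."""
        ep = Endpoint(req.host.lower(), req.port)
        if self.is_allowed(ep):
            return "allowed"
        # Unlisted destination: hold the request and ask the operator.
        if operator(req):
            self.session.add(ep)   # remembered for this session only
            return "approved"
        return "denied"

    def reonboard(self) -> None:
        """Rebuild from the baseline file: session approvals (and, by assumption, dynamic sets) are gone."""
        self.session.clear()
        self.dynamic.clear()

    def baseline_file_view(self) -> set[Endpoint]:
        """What the baseline policy file contains: approvals and dynamic sets never land here."""
        return set(self.baseline)


def demo() -> dict:
    """Walk constructed requests through the flow and return each decision."""
    policy = SandboxPolicy(baseline=parse_endpoints(
        "openclaw.ai:443, docs.openclaw.ai:443, registry.npmjs.org:443"))
    approve_pypi_only = lambda r: r.host == "pypi.org"   # operator approves pypi.org, denies the rest
    never = lambda r: False                               # operator denies everything
    results = {}
    results["baseline"] = policy.evaluate(Request("registry.npmjs.org", 443, "/usr/bin/node", "GET"), approve_pypi_only)
    results["wrong_port"] = policy.evaluate(Request("registry.npmjs.org", 80, "/usr/bin/node", "GET"), never)
    results["github_first"] = policy.evaluate(Request("api.github.com", 443, "/usr/bin/curl", "GET"), approve_pypi_only)
    results["pypi_first"] = policy.evaluate(Request("pypi.org", 443, "/usr/bin/python3", "GET"), approve_pypi_only)
    results["pypi_again"] = policy.evaluate(Request("pypi.org", 443, "/usr/bin/python3", "GET"), never)
    policy.reonboard()
    results["pypi_after_reonboard"] = policy.evaluate(Request("pypi.org", 443, "/usr/bin/python3", "GET"), never)
    policy.apply_policy_set(parse_endpoints("api.github.com:443"))   # stands in for a github preset
    results["github_after_preset"] = policy.evaluate(Request("api.github.com", 443, "/usr/bin/curl", "GET"), never)
    results["file_unchanged"] = Endpoint("api.github.com", 443) not in policy.baseline_file_view()
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The walkthrough makes the persistence rule concrete: an approval made in the TUI is honoured for later requests in the same session, disappears after re-onboarding, and never shows up in the baseline file, whereas an endpoint added through a policy set is allowed immediately without any prompt.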


For complete, unabridged technical details on this topic, refer to the official NVIDIA NemoClaw Documentation. Portions of this guide are summarized and adapted from NVIDIA Corporation (Copyright © 2026), licensed under the Apache License, Version 2.0.