yoyohello13 4 hours ago
It's hilarious watching people discover security again. Everyone plugging their favorite sandbox technology. Yes, sandboxing processes is a thing that has existed for a long time and there are a million tools that do it. Systemd has it built in for example. Even Claude Code itself has sandboxing and permissions built in. Process isolation is not the danger with OpenClaw. Giving an LLM access to all your shit is the problem. My solution is to treat it like a human, give it its own accounts, scoped to what you want it to do and accept the risks associated with that. If I had a human assistant I wanted to read my email, I'd set up an inbox for them specifically and forward what I want them to screen. I don't use OpenClaw, but have a similar harness I built that runs as an unprivileged Linux user with access to just what I want it to access. I know it's not in vogue to actually know how technology works anymore, but we have literally decades' worth of technology solutions for authentication/authorization, just fucking use it.