I built this to run OpenClaw safely. The problem: every sandbox I tried still handed the real API token to the agent as an env var.

nilbox never gives the agent the real token. It gets a fake placeholder instead (ANTHROPIC_API_KEY=ANTHROPIC_API_KEY). nilbox intercepts outbound API calls and swaps in the real token at the network layer.

So if the agent leaks the "token" — attacker gets a useless string. That's it.

Also ships a managed Linux runtime (consistent across mac/win/linux) and a Store for one-click agent app installs. Full shell access too.

Available for macOS, Windows, and Linux https://nilbox.run

Curious how others are thinking about token security when running agents locally.