Restrict what OpenClaw can access on your machine using OS-level sandboxing. Use when: protecting credentials (SSH keys, API tokens) from the gateway process, limiting network to approved domains, preventing unauthorized file writes, hardening OpenClaw deployment, setting up SRT sandbox, troubleshooting sandbox issues. Works with: healthcheck skill for full security posture.