A local AI runtime that doesn't phone home. ClawFactory installs OpenClaw inside a WSL2 sandbox with an egress firewall, loopback-only gateway, and one-click kill switch. Security controls enforced at the OS level — not by prompting the agent to behave.
ClawAgent: single agent, 5 min setup · ClawFactory: full security substrate, 5 agents, kill switch
| Control | What it does |
|---|---|
| WSL2 sandbox | Agent runtime isolated from Windows filesystem |
| Rootless Docker | No root access inside the container |
| nftables egress firewall | Outbound traffic scoped to clawuser UID only |
| automount=false | Windows drives invisible to the agent |
| Loopback-only gateway | Gateway binds to 127.0.0.1:8787 — not the network |
| Windows Firewall rule | Inbound connections to port 8787 blocked |
| DPAPI key storage | API key in Windows Credential Manager, never plaintext |
| Kill Switch | One-click shutdown from Start Menu |
ClawFactory-Secure-Setup.exe as Administrator.127.0.0.1:8787. Nothing leaves your machine without your permission.automount=false is a WSL2 kernel parameter. None of these can be overridden by the agent itself, regardless of what instructions it receives. This is the difference between a security control and a security suggestion.No telemetry. No cloud dependency. No data collection. Ever.