A local AI runtime that doesn't phone home. ClawFactory installs OpenClaw inside a WSL2 sandbox with an egress firewall, loopback-only gateway, and one-click kill switch — for developers and operators who need their agent isolated, not connected.
Download v1.0.17 →

| Control | What it does |
|---|---|
| WSL2 sandbox | Agent runtime isolated from Windows filesystem |
| Rootless Docker | No root access inside the container |
| nftables egress firewall | Outbound traffic scoped to clawuser UID only |
| automount=false | Windows drives invisible to the agent |
| Loopback-only gateway | Gateway binds to 127.0.0.1:8787 — not the network |
| Windows Firewall rule | Inbound connections to port 8787 blocked |
| DPAPI key storage | API key in Windows Credential Manager, never plaintext |
| Kill Switch | One-click shutdown from Start Menu |

ClawFactory-Secure-Setup.exe as Administrator.

127.0.0.1:8787.

Nothing leaves your machine without your permission.

No telemetry. No cloud dependency. No data collection. Ever.