researchclaw-container-requires-docker-socket-for-experiment-sandbox

AutoResearchClaw runs LLM-generated experiment code, which must be sandboxed; running it unsandboxed is a security violation. The researchclaw container must either use Docker-in-Docker or mount the host Docker socket (/var/run/docker.sock) so that it can spin up an ephemeral experiment sandbox container for each run. This is a mandatory design requirement, not optional hardening.
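
An added example, not AutoResearchClaw's own code, of how the researchclaw container could launch one ephemeral, locked-down sandbox per run through the mounted socket while refusing to pass that socket on to the experiment. The function names, resource limits, the exp-<run_id> container name, the /work mount and the assumption that the sandbox image provides python are all hypothetical.

```python
import os
import stat
import subprocess
from pathlib import PurePosixPath

DOCKER_SOCK = "/var/run/docker.sock"  # socket path named on the page

def docker_socket_available(path=DOCKER_SOCK):
    """Return True if `path` exists and is a Unix socket."""
    try:
        return stat.S_ISSOCK(os.stat(path).st_mode)
    except OSError:
        return False

def sandbox_argv(run_id, image, host_workdir, script="experiment.py"):
    """Build the `docker run` argv for one ephemeral experiment sandbox."""
    work = PurePosixPath(host_workdir)
    if not work.is_absolute() or ".." in work.parts:
        raise ValueError("host_workdir must be an absolute path without '..'")
    # The sandbox must never see the daemon socket or a directory holding it.
    sock = PurePosixPath(DOCKER_SOCK)
    if work == sock or work in sock.parents:
        raise ValueError("refusing a mount that exposes the Docker socket")
    # With the host socket mounted, the -v source path is resolved on the
    # host by the daemon, not inside the researchclaw container.
    return [
        "docker", "run", "--rm", "--name", f"exp-{run_id}",
        "--network", "none",
        "--read-only", "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
        "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
        "--pids-limit", "256", "--memory", "1g",
        "--user", "65534:65534",
        "-v", f"{work}:/work:ro",
        image, "python", f"/work/{script}",
    ]

def run_experiment(run_id, image, host_workdir, timeout=600):
    """Run one experiment in its sandbox; fail closed if Docker is missing."""
    if not docker_socket_available():
        raise RuntimeError("no Docker socket: refusing to run unsandboxed")
    try:
        return subprocess.run(sandbox_argv(run_id, image, host_workdir),
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # The timeout only kills the docker CLI; stop the container as well.
        subprocess.run(["docker", "kill", f"exp-{run_id}"], check=False)
        raise
```

The socket-exposure check compares literal paths only, so a deployment that reaches the socket through another path (for example a symlinked /run) needs that path added to the check.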