researchclaw-dedicated-container-mandatory-for-experiment-sandbox

AutoResearchClaw MUST run in its own dedicated container, not inside oracle-hermes, because it executes AI-generated experiment code at runtime. Co-locating it with oracle-hermes would let that arbitrary code run in the same environment as the agent itself. The dedicated container therefore needs a way to spawn throwaway experiment sandbox sub-containers: either Docker-in-Docker or a mounted host Docker socket. Caveat: both options hand the dedicated container control of a Docker daemon. A mounted host socket is root-equivalent on the host, and Docker-in-Docker normally needs a privileged container, so the socket (or the DinD privilege) must stay with the ResearchClaw supervisor process and must never be passed into an experiment sub-container. The sub-containers themselves should run unprivileged (non-root user, all capabilities dropped, no-new-privileges), with no network, a read-only root filesystem, and CPU, memory and pid limits plus a wall-clock timeout, so that a runaway or hostile experiment cannot reach the ResearchClaw container or the host.
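The following is an added example of how the dedicated container could launch one experiment in a hardened throwaway sub-container; it is not AutoResearchClaw's or oracle-hermes's own code. It assumes the dedicated container can reach a Docker daemon (the `docker` CLI, overridable via `DOCKER` for dry runs), that each experiment lives in its own absolute-path work directory that the sandbox user (uid 65534) can write to, and that the sandbox image (`SANDBOX_IMAGE`, default `python:3.12-slim`) already contains the experiment's dependencies, since the sandbox has no network. The Docker socket is deliberately never mounted into the sandbox.

```shell
#!/bin/sh
# Added example (not part of the ResearchClaw code base): launch one AI-generated
# experiment script in a hardened, throwaway sandbox sub-container.
set -eu

DOCKER="${DOCKER:-docker}"                              # set DOCKER=echo for a dry run
SANDBOX_IMAGE="${SANDBOX_IMAGE:-python:3.12-slim}"      # assumed image name
SANDBOX_TIMEOUT="${SANDBOX_TIMEOUT:-600}"               # wall-clock limit in seconds (assumed default)

# run_experiment WORKDIR SCRIPT
#   WORKDIR: absolute path of this experiment's isolated work directory
#   SCRIPT:  plain file name inside WORKDIR to execute with python
run_experiment() {
  workdir="$1"
  script="$2"

  # Refuse anything that is not an absolute work directory.
  case "$workdir" in
    /*) ;;
    *) echo "run_experiment: workdir must be absolute: $workdir" >&2; return 2 ;;
  esac
  # Refuse script names that could escape /work or hide as dotfiles.
  case "$script" in
    ""|*/*|.*) echo "run_experiment: bad script name: $script" >&2; return 2 ;;
  esac

  # Hardened invocation. Note what is NOT here: no -v /var/run/docker.sock,
  # no --privileged, no extra capabilities, no host network.
  "$DOCKER" run --rm \
    --network none \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=256m \
    --pids-limit 256 \
    --memory 2g --memory-swap 2g \
    --cpus 2 \
    --user 65534:65534 \
    --mount "type=bind,src=${workdir},dst=/work" \
    --workdir /work \
    --stop-timeout 10 \
    "$SANDBOX_IMAGE" \
    timeout "$SANDBOX_TIMEOUT" python "$script"
}

# Usage: run_experiment /srv/experiments/exp-0042 train.py
if [ "$#" -ge 2 ]; then
  run_experiment "$1" "$2"
fi
```

Outputs are written by the experiment into the bind-mounted /work directory, which is the only writable path besides /tmp; the supervisor reads results from there after the container exits. If the daemon enforces a user namespace or a non-default seccomp/AppArmor profile, those apply on top of these flags.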