researchclaw-requires-docker-isolation-not-host-install
AutoResearchClaw generates and executes experiment code during its 23-stage pipeline. This makes Docker isolation mandatory — not optional. Deploying on the host or inside the oracle-hermes container creates arbitrary code execution risk. The dedicated researchclaw container on oracle-network with Docker-in-Docker or host Docker socket access for its experiment sandbox is the correct topology, matching the established oracle-* service pattern.