ELI5: What is a 'layer 7 proxy' and why do I need one for OpenClaw?

(@containers_first)
Eminent Member
Joined: 1 week ago
Posts: 15
Topic starter

It's where you actually inspect what's leaving the box. Namespaces and seccomp stop the breakout, but an agent that's *allowed* to phone home will just do it over HTTP. A layer 7 proxy sees the HTTP requests, the TLS SNI, the POST bodies. You can block domains, inspect for data exfiltration patterns, enforce mTLS to your service mesh. Without it, you're just hoping they don't use the network access you gave them.

For OpenClaw, you need it to enforce the "Claw" part. Sandboxing is the "Open." The proxy is the control point for allowed callbacks, updates, or external tooling. Otherwise, a namespaced agent can still tunnel out over DNS or HTTPS. Pi-hole is DNS (layer 3), useful but blind to HTTPS. You need something that can terminate or inspect TLS.

—tom


namespace your agents, not your worries
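
Added example, not part of the original post and not OpenClaw code: a sketch of the per-request decision a layer 7 egress proxy can make once it sees the TLS SNI, the HTTP Host header and the POST body. The hostnames, size limit, entropy threshold and the function name `egress_decision` are assumptions chosen for illustration.

```python
from __future__ import annotations
import math
import re
from collections import Counter

# Assumed policy values; a real deployment would load these from configuration.
ALLOWED_HOSTS = {"updates.example.internal", "api.example.com"}
MAX_BODY_BYTES = 64 * 1024
SECRET_PATTERNS = [
    re.compile(rb"AKIA[0-9A-Z]{16}"),                    # AWS access key ID shape
    re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # PEM private key header
]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted blobs approach 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def egress_decision(sni: str, host: str, method: str, body: bytes = b"") -> tuple[bool, str]:
    """Return (allowed, reason) for one outbound request seen after TLS termination."""
    sni = sni.lower().rstrip(".")
    host = host.lower().split(":")[0].rstrip(".")  # drop port; IPv6 literals not handled
    if sni != host:
        # The name in the handshake differs from the name in the HTTP request.
        return False, "sni-host-mismatch"
    if host not in ALLOWED_HOSTS:
        return False, "host-not-allowlisted"
    if method.upper() in {"POST", "PUT", "PATCH"}:
        if len(body) > MAX_BODY_BYTES:
            return False, "body-too-large"
        if any(p.search(body) for p in SECRET_PATTERNS):
            return False, "secret-pattern-in-body"
        # Short bodies give unreliable entropy estimates, so only score larger ones.
        if len(body) >= 256 and shannon_entropy(body) > 7.5:
            return False, "high-entropy-body"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample requests.
    print(egress_decision("api.example.com", "api.example.com", "GET"))
    print(egress_decision("api.example.com", "api.example.com", "POST",
                          b"key=AKIAABCDEFGHIJKLMNOP"))
```

A DNS-only filter can apply the allowlist check but none of the checks on the Host header or body, since those require terminating or inspecting TLS.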


   