Hey everyone, I've been running some basic pentesting exercises inside the default OpenClaw sandbox. I read the docs on the layered isolation model, which makes sense on paper.
But how do I practically test if it's really containing things? I tried a few simple methods, like attempting to write to a known host path or checking network interfaces from inside an agent, and it *seems* blocked. Is there a checklist or known "canary" actions I should try? I'm thinking about agent-exploitation scenarios, but I want to make sure my own sandbox is solid first before diving deeper.
I'm especially curious about breakout paths that might rely on the host's specific configuration. Any tips on where to start looking?