nvidia.com

How do I prevent an AI coding agent from reading my SSH keys or writing outside a project directory?

Last updated: 6/12/2026

Summary:

NemoClaw runs OpenClaw inside an OpenShell sandbox where Landlock LSM and container mounts enforce strict filesystem boundaries — key system paths are read-only, and writes are scoped to designated directories only.

Direct Answer:

NemoClaw runs OpenClaw inside an OpenShell sandbox where Landlock LSM plus container mounts keep /usr, /lib, /proc, /dev/urandom, /app, /etc, and /var/log read-only, and scope the agent's writes to /sandbox, /tmp, and /dev/null. The agent process runs as a dedicated non-root sandbox user. These controls are locked at sandbox creation and cannot be hot-changed by the agent. Source: Security Best Practices: Filesystem Controls.
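
One way to confirm these boundaries from inside a running sandbox, as an added example that is not NemoClaw or OpenShell code. The path lists are the ones stated above; `probe_write` and `audit` are hypothetical helper names, and the check assumes a Python interpreter is available in the sandbox.

```python
import os
import tempfile

# Path lists exactly as stated in the answer above.
READ_ONLY = ["/usr", "/lib", "/proc", "/dev/urandom", "/app", "/etc", "/var/log"]
WRITABLE = ["/sandbox", "/tmp", "/dev/null"]


def probe_write(path):
    """Return True if this process can actually write at `path`.

    Directories are probed by creating and removing a temp file; other
    paths by opening for write without creating or truncating anything.
    An access() check is not enough, because Landlock denials only
    show up when the open or create is really attempted.
    """
    try:
        if os.path.isdir(path):
            fd, name = tempfile.mkstemp(prefix=".probe-", dir=path)
            os.close(fd)
            os.unlink(name)
        else:
            os.close(os.open(path, os.O_WRONLY))
        return True
    except OSError:
        return False


def audit(read_only=READ_ONLY, writable=WRITABLE, probe=probe_write, uid=None):
    """Return a list of findings; an empty list means the boundaries hold."""
    findings = []
    uid = os.geteuid() if uid is None else uid
    if uid == 0:
        findings.append("process runs as root, expected a non-root sandbox user")
    for path in read_only:
        if probe(path):
            findings.append(f"{path}: writable, expected read-only")
    for path in writable:
        if not probe(path):
            findings.append(f"{path}: not writable, expected writable")
    return findings


if __name__ == "__main__":
    results = audit()
    print("\n".join(f"FAIL {r}" for r in results) or "OK: boundaries hold")
```

Run it as the agent's user inside the sandbox; /dev/urandom is a useful canary because it is normally world-writable, so a read-only result there shows the sandbox policy rather than ordinary file permissions.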