Show HN: Clawk – Give coding agents a disposable Linux VM, not your laptop
celrenheit
187 points
140 comments
July 13, 2026
Related Discussions
Found 5 related stories in 986.6ms across 14,015 title embeddings via pgvector HNSW
- Show HN: Claw Patrol, a security firewall for agents rough-sea · 22 pts · June 09, 2026 · 67% similar
- Show HN: Run coding agents in microVM sandboxes instead of your host machine phoenixranger · 54 pts · April 23, 2026 · 66% similar
- Show HN: Klaus – OpenClaw on a VM, batteries included robthompson2018 · 138 pts · March 11, 2026 · 66% similar
- Show HN: I put an AI agent on a $7/month VPS with IRC as its transport layer j0rg3 · 174 pts · March 26, 2026 · 66% similar
- Show HN: OpenClaw-class agents on ESP32 (and the IDE that makes it possible) pycoclaw · 23 pts · March 12, 2026 · 64% similar
Discussion Highlights (20 comments)
prairieroadent
why not just a docker container
ebeirne
love what youve done here. i will be using this in the future.
matheusmoreira
> clawk forward add my-project 3000 > clawk network allow my-project api.example.com Can you describe the implementation details? How did you implement the firewall without root? I vibecoded virtdev, a virtual machine orchestration project just like this one: https://github.com/matheusmoreira/virtdev It was designed to not require root, and the nftables firewall ended up becoming the only exception. I'm very curious about how you implemented this. Did you find a better way?
bitwize
Errbody gangsta until the agent figures out it's in a container and finds an exploit that lets it break out of container jail...
bad_haircut72
Sprites from Fly io does this beautifully, claude comes preinstalled, its great
daitangio
I am developing a super light similar thing here https://github.com/daitangio/take-ai-control It is docker + vscode friendly. I tested it with major systems (copilot, codex, Claude Code and pi.dev) Comments Wellcome!
felooboolooomba
I use mkosi: https://github.com/systemd/mkosi Which is just a front for systemd-nspawn. It's annoying you have to edit the config.nspawn to mount a directory if you start it with the "shell" command, instead of booting. But apart from that, it's brilliant.
NortySpock
Have you seen https://news.ycombinator.com/item?id=48892015 and yoloai? https://github.com/kstenerud/yoloai Seems like both projects are following very similar approaches.
rvz
This is like the 30th AI sandbox project on Show HN. Why this one over the rest?
vqtska
I still don't understand the point of all these VMs and containers for agents. Just create a separate user on your machine without sudo privileges, switch to it in your terminal and run all the agents you want without it being able to reach your files. What am I missing?
kstenerud
yoloAI does something similar: - Sandbox on Linux using Docker, Podman, containerd, gVisor, Kata, Firecracker - Sandbox on Mac using Docker (Docker Desktop or Orbstack), Podman, Apple containers, Seatbelt, Tart (Tart lets you run simulators). - Network restriction - Secrets control (file mounts or credentials broker) - NO ambient data (ENV is replaced with a minimal and local-to-sandbox one, no host-side filesystem access beyond what you explicitly allow) - Workdir protection: Your work dir is never modified until you apply the changes, either standalone or as a git commit. You can also diff before applying. Git runs SANDBOX side in case the repo has filters. - Uses copy-on-write if your filesystem supports it (most modern ones do) - Has built-in support for claude, codex, gemini, aider, and opencode, but you can also launch it in "shell" mode and run whatever you want. - Supports VS code tunnels, so you can remotely access in VS code if you don't want to use the terminal. - Full lifecycle support: Launch, attach, stop, restart, wait, one-shot, clone, destroy - MCP passthrough - Layered API (golang) if you want to sandbox other things - Self-contained binary. No external requirements other than the backends you want to use. Defaults to a ~/.yoloai dir for config/data, but you can point it anywhere. - FOSS https://github.com/kstenerud/yoloai
anoop_kumar
why not just use something like smol VMs? So many VM's and I am confused on which one to use for what. I think we now need a VM orchestrator!
htrp
how does this compare with the aws lambda microvms?
petesergeant
Yet another one, only I wrote this one, so I prefer it: https://github.com/pjlsergeant/byre You might prefer byre's simplicity, transparency, and ease of reasoning about: one local container, explicit access grants, readable generated Docker, and a workflow that stays close to normal development rather than introducing a larger sandbox platform. It's also very very easy to eject from if you want to stop using it.
aftbit
Does Codex run its own sandbox? I see that sometimes it runs commands without asking, which then fail for some reason, and it asks to run them again "outside of the sandbox"
skybrian
If the agent is running on your machine, it will suspend when you put your laptop asleep. I prefer using a remote Linux VM to let the coding agent keep working. I’m quite happy with exe.dev for this. My laptop is asleep upstairs but I have an agent coding away in a browser tab on the tablet I’m using. I could also check on it from my phone. But it might also be nice if a setup similar to exe.dev were available for self-hosting. I have a Mac Mini that I don’t really use much.
dietdrb
We are building the cloud version of this: hosted, isolated VMs. MacOS and Linux supported. Cloud means you can run many VMs in parallel. https://bitrise.io/platform/remote-dev-environments
0xbadcafebee
How many of these are there now, a hundred? We get it, you can run an agent in a VM/container/sandbox. What about configuration management & rollbacks? What about the policy engine? What about dynamic credential management? What about the lethal trifecta? A sandbox is the easiest part and doesn't address the others.
mrbn100ful
YAY, let's build the same thing over and over :/ Did you know that before reinventing the wheel, you can ask LLM your requirements, and they can find the most suited already existing tool ?
c0rruptbytes
everyone loving these linux sandboxes, even Apple wrote one https://github.com/apple/containerization/tree/main/examples...