Running OpenClaw in an Isolated Micro-VM with Void-Box

The r/openclaw community shared an experiment running OpenClaw inside a fully isolated execution environment connected to Telegram. Instead of using containers or running directly on the host, the setup uses a dedicated micro-VM boundary.

Setup Details

The configuration runs OpenClaw as a service inside an isolated micro-VM. Telegram forwards messages to this environment, with all execution staying sandboxed within the VM. No container runtime is involved in this setup.

Execution Boundaries

The goal is to provide OpenClaw with a clean execution boundary that prevents host filesystem leakage, avoids shared runtime state, and establishes explicit capability boundaries. This approach differs from container-based isolation by using full virtualization.

Void-Box Runtime

The isolation is powered by Void-Box, a capability-bound runtime that executes workflows inside isolated KVM micro-VMs (using native virtualization framework on macOS). Void-Box treats execution boundaries as a first-class primitive, expressed as: VoidBox = Agent(Skills) + Isolation.

Demo Content

A short demo shows the declarative workflow, the service booting inside a micro-VM, and Telegram receiving responses. The combination demonstrated is void-box + openclaw + telegram.

Repository

The Void-Box project is available at https://github.com/the-void-ia/void-box.