Managed Runners — Beta

Secure OpenClaw sandboxes. Managed for you.

Deploy agents in seconds. Tear down in one call. Full governance, observability, and HITL built in.

    from curate_me import CurateMe

    # Spin up a governed sandbox
    client = CurateMe(api_key="cm_sk_...")
    runner = client.runners.create(
        tool_profile="locked",
        budget_limit=5.00
    )
Managed Runners — secure sandboxed container environments

OpenClaw is powerful. It's also wide open.

Raw OpenClaw gives you compute. Curate-Me wraps it in governance so you can ship agents without losing sleep.

| Gap | OpenClaw Default | With Curate-Me |
| --- | --- | --- |
| Cost control | None ($3,600+ overnight bills reported) | Per-run budget caps + daily limits |
| Skill vetting | 12% malicious on ClawHub (confirmed) | Allowlisted skills only |
| Remote code execution | CVE-2026-25253 (CVSS 8.8) | Sandboxed containers + read-only rootfs |
| Audit trail | No persistence (21K+ instances exposed) | Immutable execution log + time-travel debug |
| Credential storage | Plaintext env vars | Encrypted vault (BYOK) |
| Network isolation | Full access (no outbound control) | Configurable outbound rules + domain allowlist |

Natural Language Task Routing

Tell your agent what to do. In plain English.

The intent router classifies your request, matches it to a template, and configures the runner automatically. Scheduling, tool profiles, and autonomy levels -- all inferred from a single sentence.

Intent Router
You say: "Deploy staging to production every Friday at 5pm"
Intent classified: deployment_promotion
Template matched: deploy-pipeline
Schedule set: cron: 0 17 * * 5
Tool profile: web_automation
Autonomy: confirm (flags risky steps)

Four levels of autonomy.

Start conservative. Increase trust as you build confidence. Every level keeps a full audit trail.

observe

Observe

Agent reports what it would do. No actions taken. Full transparency for review.

propose

Propose

Agent drafts actions and waits for human approval before executing any of them.

confirm

Confirm

Agent executes safe actions automatically. Flags risky operations for review.

auto

Auto

Full autonomy within budget and outbound policy. Immutable log captures everything.


Three tool profiles. Right-sized access.

Give your agents exactly the capabilities they need -- and nothing more. Each profile enforces strict boundaries at the container level.

locked
Minimal risk

Minimal environment. No network, no browser, no filesystem writes. Pure computation.

Capabilities

  • Read-only filesystem
  • No outbound network
  • No browser
  • Sandboxed runtime

Start from a template. Ship in minutes.

Pre-built runner configurations for common workflows. Each template includes tool profile, outbound rules, and a prompt scaffold.

DevOps

  • PR Reviewer
  • Deploy Pipeline
  • Log Analyzer
  • Dependency Updater

Data

  • ETL Pipeline
  • Report Generator
  • Data Quality Audit
  • Schema Migration

Security

  • Vuln Scanner
  • Secret Rotator
  • Access Auditor
  • Compliance Check

Content

  • Blog Writer
  • Social Scheduler
  • Image Optimizer
  • SEO Auditor

Custom

  • Blank Template
  • From GitHub Repo
  • Import Dockerfile
  • API Endpoint

Built for OpenClaw

Secure agents start here.

Request early access to Managed Runners. Budget caps, encrypted vaults, immutable audit trails -- all included.

No credit card · SOC 2 Ready · Self-hosted Option