Deploying a Sandboxed Family Agent with Cross-Compiled Go Skills in Clawdbot

Jan 19, 2026

I wanted to set up a “Family Agent” in Clawdbot so my family could interact with tools like stock analysis and summarization via WhatsApp. However, I needed to ensure this agent was completely isolated from my personal credentials and host system. Here is how I configured a sandboxed environment and deployed cross-compiled Go skills to solve this.

Customizing the Sandbox Image

Because some skills have specific runtime requirements—like the summarize skill needing Node.js 20+ to support newer regular expression flags—I created a custom Docker image. Using a default image with Node.js v18 resulted in a SyntaxError when the tool’s dependencies tried to load, so “baking in” the correct runtime was the first step.

The Dockerfile

I used a node:20-slim base to ensure all modern Node dependencies were supported:

1
2
3
4
5
6
7
8
9

FROM node:20-slim

# Install system dependencies
RUN apt-get update && apt-get install -y \
    curl \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

Building the image is a one-time task:

1

docker build -t [YOUR_DOCKER_IMAGE]:1.0 .

Cross-Compiling Go Binaries for Multi-Platform Support

To keep the agent high-performance, I wrote my custom skills (like stock-analysis) in Go. The beauty of Go is the ability to test locally on my M1 Max (darwin/arm64) and then cross-compile for the sandboxed Linux environment.

By producing a single binary for each platform and placing them in the dist/ folder of the skill, the agent can run the correct version regardless of the environment.

1
2
3
4
5

# Build for macOS (Local Testing)
GOOS=darwin GOARCH=arm64 go build -o dist/stock-analysis main.go

# Build for Linux (Sandbox Deployment)
GOOS=linux GOARCH=arm64 go build -o dist/stock-analysis-linux main.go

Bridging the LLM and Code with SKILL.md

Clawdbot uses a SKILL.md file to discover these binaries and understand how to use them. This file acts as the bridge between the LLM’s natural language and the Go code. For the stock analysis tool, I defined mandatory rules to ensure the agent returns the raw stdout verbatim, which is critical for trading data fidelity.

1
2
3
4
5
6

### Command
# macOS / Darwin
stock-analysis <TICKER>

# Linux / Sandbox
stock-analysis-linux <TICKER>

Configuring the Agent and Docker Sandbox

With the image built and skills compiled, I defined the family agent in clawdbot.json. Setting the sandbox mode to all forces every tool execution into the Docker container.

Crucially, because skills like summarize and stock-analysis need to reach out to external APIs and websites, I had to explicitly grant the sandbox internet access by setting the Docker network to bridge mode.

The Agent JSON Structure

The env block and sandbox settings live directly within the agent’s definition. Here is the full structure for the family agent:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

{
  "id": "family",
  "name": "family",
  "env": {
    "ANTHROPIC_API_KEY": "{{auth:[YOUR_ANTHROPIC_PROFILE]}}",
    "GEMINI_API_KEY": "{{auth:[YOUR_GEMINI_PROFILE]}}"
  },
  "workspace": "[WORKSPACE_PATH]",
  "sandbox": {
    "mode": "all",
    "workspaceAccess": "rw",
    "scope": "agent",
    "docker": {
      "image": "[YOUR_DOCKER_IMAGE]:1.0",
      "network": "bridge"
    }
  },
  "tools": {
    "sandbox": {
      "tools": {
        "allow": ["exec", "bash", "read", "write", "summarize", "stock-analysis"]
      }
    }
  }
}

I then bound this agent to a specific WhatsApp group ID so it only responds to family requests:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

"bindings": [
  {
    "agentId": "family",
    "match": {
      "channel": "whatsapp",
      "peer": {
        "kind": "group",
        "id": "[YOUR_GROUP_ID]@g.us"
      }
    }
  }
]

Lessons Learned

1. Secure Credential Injection

A key security feature of the sandbox is that it starts with a clean slate. By checking the sandbox logs, I could see that tools were failing because they lacked API keys. To fix this, I used explicit environment mapping in the JSON config.

You must map the specific environment variables that your skills expect (like GEMINI_API_KEY or ANTHROPIC_API_KEY) to your secure Clawdbot authentication profiles inside the env block shown in the configuration section above.

This ensures the agent is “least privileged”—it only has the specific tokens it needs to run its assigned skills.

Pro-Tip: Refreshing the Sandbox

Clawdbot creates the Docker container for the agent only one time. It persists across restarts for speed. If you need to force a clean slate or pick up changes in your custom image, simply delete the running container:

1

docker rm -f [CONTAINER_ID]

Clawdbot will automatically recreate the container from the image on the next request.

Wrapping Up

By using Docker for isolation, enabling bridge networking for internet access, and cross-compiling Go binaries for both macOS and Linux, I’ve created a setup that is both high-performance and secure. This configuration allows my family to benefit from agentic workflows while maintaining strict control over credential access and runtime environments.

How TosAI AutomationClawdbotDockerGoAIStock Analysis

Fixing File Associations on macOS Sequoia