OpenShell is a managed sandbox backend for OpenClaw. Instead of running Docker The OpenShell plugin reuses the same core SSH transport and remote filesystem “`json5 theme={“theme”:{“light”:”min-light”,”dark”:”min-dark”}} This is the most important decision when using OpenShell.<\/p>\n Use Behavior:<\/p>\n Best for:<\/p>\n Tradeoff: extra sync cost before and after each exec.<\/p>\n Use Behavior:<\/p>\n Best for:<\/p>\n \u91cd\u8981\u8bf4\u660e: if you edit files on the host outside OpenClaw after the initial seed,
\ncontainers locally, OpenClaw delegates sandbox lifecycle to the openshell<\/code> CLI,
\nwhich provisions remote environments with SSH-based command execution.<\/p>\n
\nbridge as the generic SSH backend<\/a>. It adds
\nOpenShell-specific lifecycle (sandbox create\/get\/delete<\/code>, sandbox ssh-config<\/code>)
\nand an optional mirror<\/code> workspace mode.<\/p>\nPrerequisites<\/h2>\n
\n
openshell<\/code> CLI installed and on PATH<\/code> (or set a custom path via
\n plugins.entries.openshell.config.command<\/code>)<\/li>\n\u5feb\u901f\u5f00\u59cb<\/h2>\n
\n
\n{
\n agents: {
\n defaults: {
\n sandbox: {
\n mode: “all”,
\n backend: “openshell”,
\n scope: “session”,
\n workspaceAccess: “rw”,
\n },
\n },
\n },
\n plugins: {
\n entries: {
\n openshell: {
\n enabled: true,
\n config: {
\n from: “openclaw”,
\n mode: “remote”,
\n },
\n },
\n },
\n },
\n}<\/p>\n\n2. Restart the Gateway. On the next agent turn, OpenClaw creates an OpenShell\n sandbox and routes tool execution through it.\n\n3. Verify:\n\n```bash theme={"theme":{"light":"min-light","dark":"min-dark"}}\nopenclaw sandbox list\nopenclaw sandbox explain\n<\/code><\/pre>\nWorkspace modes<\/h2>\n
mirror<\/code><\/h3>\nplugins.entries.openshell.config.mode: \"mirror\"<\/code> when you want the local
\nworkspace to stay canonical<\/strong>.<\/p>\n\n
exec<\/code>, OpenClaw syncs the local workspace into the OpenShell sandbox.<\/li>\nexec<\/code>, OpenClaw syncs the remote workspace back to the local workspace.<\/li>\n
\n remains the source of truth between turns.<\/li>\n<\/ul>\n\n
\n sandbox automatically.<\/li>\n
\n possible.<\/li>\nremote<\/code><\/h3>\nplugins.entries.openshell.config.mode: \"remote\"<\/code> when you want the
\nOpenShell workspace to become canonical<\/strong>.<\/p>\n\n
\n the local workspace once.<\/li>\nexec<\/code>, read<\/code>, write<\/code>, edit<\/code>, and apply_patch<\/code> operate
\n directly against the remote OpenShell workspace.<\/li>\n
\n the sandbox bridge.<\/li>\n<\/ul>\n\n
\nthe remote sandbox does not<\/strong> see those changes. Use
\nopenclaw sandbox recreate<\/code> to re-seed.<\/p>\nChoosing a mode<\/h3>\n