[All Platform] GitHub policy + binary is injected into sandbox runtime policy without user opt-in

[zNeill]

Description

Summary:
NemoClaw appears to inject a github network policy+binary into the effective sandbox policy even when the user did not explicitly select any GitHub-related preset. The visible policy presets list does not include a github preset, so the permission is not user-discoverable or user-controllable.>>>nemoclaw status

• That policy allows:
  • github.com:443
  • api.github.com:443
• It also whitelists binaries:
  • /usr/bin/git
  • /usr/bin/gh

While during onboarding

  Available policy presets:
     [ ] brave          — Brave Search API access
     [ ] discord        — Discord API, gateway, and CDN access
     [ ] docker         — Docker Hub and NVIDIA container registry access
     [ ] huggingface    — Hugging Face Hub, LFS, and Inference API access
     [ ] jira           — Jira and Atlassian Cloud access
     [✓] npm            — npm and Yarn registry access
     [ ] outlook        — Microsoft Outlook and Graph API access
     [✓] pypi           — Python Package Index (PyPI) access
   > [✓] slack          — Slack API, Socket Mode, and webhooks access
     [ ] telegram       — Telegram Bot API access

Steps to reproduce:

1. nemoclaw onboard → check policy presets -> complete onboard -> there is not github policy presets
2. nemoclaw status -> there are github policy and binary
3. And user can do git clone inside sandbox

Expected behavior:

• GitHub access should not be added unless explicitly selected by the user, or
• GitHub should be exposed as a visible preset so the user can audit and control it

Environment

• NemoClaw v0.0.7
• OpenShell 0.0.23
• OpenClaw 2026.3.11
• Node.js 22.22.1

---

[NVB# 6056396]

[NVB#6056396]