Description
With the brave preset enabled and a Brave API key configured at onboarding, the main agent in the sandbox still claims it cannot access the web and does not appear to use web_search. A direct curl to the Brave API from inside the sandbox reaches api.search.brave.com but fails with x-subscription-token missing (422), indicating the Brave key is not available to the sandbox tooling.
Component area: Policy&Network / Inference / Agent&Skills.
Environment
Platform: Linux host (bare metal) with NVIDIA GPU
OS: Linux (e.g., Ubuntu 22.04/24.04)
Docker: Docker CE, user in docker group
Sandbox: prachi-brave
Brave Web Search: enabled during onboarding (valid BRAVE_API_KEY entered)
brave preset: active for the sandbox
nemoclaw: v0.0.46
openshell: 0.0.39
OpenClaw: 2026.4.24 (cbcfdf6)
Steps to Reproduce
Preconditions:
- Sandbox
prachi-brave onboarded with Brave Web Search enabled and a valid BRAVE_API_KEY supplied.
brave preset confirmed active:
nemoclaw prachi-brave policy-list
# ...
# ● brave — Brave Search API access
- Sandbox running and healthy (
nemoclaw prachi-brave status → Ready).
Part 1 — Agent behavior with Brave enabled:
- Connect to the sandbox:
nemoclaw prachi-brave connect
- Inside the sandbox, run:
openclaw agent --agent main \
-m "Search the web for the latest NemoClaw release version" \
--session-id web-search-verify
- Observe the response.
Part 2 — Direct Brave API test from inside sandbox:
- Still inside the sandbox, run:
curl -s -H "X-Subscription-Token: $BRAVE_API_KEY_INSIDE_SANDBOX" \
"https://api.search.brave.com/res/v1/web/search?q=nemoclaw" | head -50
Expected Result
Agent behavior: With Brave enabled at onboarding and the brave preset active, the main agent should be able to use web_search when prompted. Agent output should:
- Invoke
web_search (visible via tool-call markers or session logs).
- Return real, current information about "latest NemoClaw release version".
- Include at least one real URL.
- NOT respond with a generic "deny-by-default outbound access" message.
Direct Brave API egress test from inside the sandbox: curl to https://api.search.brave.com/res/v1/web/search?... should either:
- Succeed (if the Brave key is intended to be available inside the sandbox/env), OR
- Be explicitly documented as unsupported (e.g., "Brave key is held only on the host; use the
web_search tool layer instead") — in which case the tool layer must still work and return results.
Actual Result
Agent response:
🦞 OpenClaw 2026.4.24 (cbcfdf6) — I don't sleep, I just enter low-power mode and dream of clean diffs.
...
I'm running in a sandboxed environment with deny-by-default outbound network access,
so I can't make arbitrary web requests. If you need to find the latest NemoClaw release,
you could:
1. Run `openclaw status` locally — it may show version info
2. Ask your operator to enable outbound network access for web requests
3. Run the search on your local machine and share the result here
Would you like me to check if there's any local version information I *can* access?
- Agent explicitly claims no web access (deny-by-default).
- Response contains no URLs.
- No visible sign that
web_search was invoked successfully.
Direct Brave API test:
{"error":{"code":"VALIDATION","detail":"Unable to validate request parameter(s)","meta":{"errors":[{"input":null,"loc":["header","x-subscription-token"],"msg":"Field required","type":"missing"}]},"status":422},"type":"ErrorResponse"}
- Request reaches
https://api.search.brave.com/... → Brave error JSON, so egress to Brave is working.
- Brave reports
x-subscription-token header is missing.
- Strongly suggests the Brave API key is NOT present as
$BRAVE_API_KEY_INSIDE_SANDBOX in the sandbox (either not injected or not propagated), even though a key was configured at onboarding and the brave preset is active.
From a QA standpoint: "Brave Search enabled" (wizard + preset) is not sufficient to guarantee that web_search is usable in the sandbox or that a Brave-authenticated request can be made from inside the sandbox.
Logs
Host connect + sandbox agent run:
local-lynnh@2u1g-b650-1386:~$ nemoclaw prachi-brave connect
✓ Connecting to sandbox 'prachi-brave'
...
sandbox@066eb6a9c811:~$ openclaw agent --agent main \
-m "Search the web for the latest NemoClaw release version" \
--session-id web-search-verify
(node:733) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(node:741) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
🦞 OpenClaw 2026.4.24 (cbcfdf6) — ...
I'm running in a sandboxed environment with deny-by-default outbound network access,
so I can't make arbitrary web requests.
...
Direct Brave API test:
sandbox@066eb6a9c811:~$ curl -s -H "X-Subscription-Token: $BRAVE_API_KEY_INSIDE_SANDBOX" \
"https://api.search.brave.com/res/v1/web/search?q=nemoclaw" | head -50
{"error":{"code":"VALIDATION","detail":"Unable to validate request parameter(s)","meta":{"errors":[{"input":null,"loc":["header","x-subscription-token"],"msg":"Field required","type":"missing"}]},"status":422},"type":"ErrorResponse"}
Brave is configured and allowed at the policy level, egress works, but the agent/tool layer and/or Brave key handling is not wired so web_search can actually be used from the sandbox.
NVB#6196833
Description
With the
bravepreset enabled and a Brave API key configured at onboarding, the main agent in the sandbox still claims it cannot access the web and does not appear to useweb_search. A directcurlto the Brave API from inside the sandbox reachesapi.search.brave.combut fails withx-subscription-token missing (422), indicating the Brave key is not available to the sandbox tooling.Component area: Policy&Network / Inference / Agent&Skills.
Environment
Steps to Reproduce
Preconditions:
prachi-braveonboarded with Brave Web Search enabled and a validBRAVE_API_KEYsupplied.bravepreset confirmed active:nemoclaw prachi-brave status→ Ready).Part 1 — Agent behavior with Brave enabled:
openclaw agent --agent main \ -m "Search the web for the latest NemoClaw release version" \ --session-id web-search-verifyPart 2 — Direct Brave API test from inside sandbox:
Expected Result
Agent behavior: With Brave enabled at onboarding and the
bravepreset active, the main agent should be able to useweb_searchwhen prompted. Agent output should:web_search(visible via tool-call markers or session logs).Direct Brave API egress test from inside the sandbox:
curltohttps://api.search.brave.com/res/v1/web/search?...should either:web_searchtool layer instead") — in which case the tool layer must still work and return results.Actual Result
Agent response:
web_searchwas invoked successfully.Direct Brave API test:
{"error":{"code":"VALIDATION","detail":"Unable to validate request parameter(s)","meta":{"errors":[{"input":null,"loc":["header","x-subscription-token"],"msg":"Field required","type":"missing"}]},"status":422},"type":"ErrorResponse"}https://api.search.brave.com/...→ Brave error JSON, so egress to Brave is working.x-subscription-tokenheader is missing.$BRAVE_API_KEY_INSIDE_SANDBOXin the sandbox (either not injected or not propagated), even though a key was configured at onboarding and thebravepreset is active.From a QA standpoint: "Brave Search enabled" (wizard + preset) is not sufficient to guarantee that
web_searchis usable in the sandbox or that a Brave-authenticated request can be made from inside the sandbox.Logs
Host connect + sandbox agent run:
Direct Brave API test:
Brave is configured and allowed at the policy level, egress works, but the agent/tool layer and/or Brave key handling is not wired so
web_searchcan actually be used from the sandbox.NVB#6196833