
[NemoClaw][All Platforms] Default sandbox network policy blocks clawhub, preventing openclaw plugins install from succeeding #4104

@PrachiShevate-nv

Description

The default sandbox network policy does not include clawhub (the OpenClaw plugin registry) in its egress allowlist. As a result, openclaw plugins install <name> from inside the sandbox fails with a generic fetch failed | other side closed error and no actionable message, making the plugin ecosystem effectively inaccessible under default presets.

Component area: CLI&UX / Plugins / Network Policy.

Environment

Platforms verified: Ubuntu 22.04 / 24.04, DGX Spark / DGX Station, Brev
nemoclaw:           v0.0.49
OpenClaw:           2026.4.24 (cbcfdf6)

Steps to Reproduce

Preconditions:

  • NemoClaw CLI installed.
  • A healthy sandbox with at least one network policy preset applied (e.g., clawhub, brave, or any preset that does NOT explicitly allowlist clawhub).
  • Plugin being installed is NOT bundled as a stock plugin in the current OpenClaw version.

Repro:

  1. Onboard a sandbox with default or npm preset:
    nemoclaw onboard
  2. Connect to the sandbox:
    nemoclaw <sandbox-name> connect
  3. Inside the sandbox, attempt to install a plugin:
    openclaw plugins install @openclaw/microsoft-speech 2>&1

Expected Result

  • clawhub (the OpenClaw plugin registry) is reachable from inside the sandbox.
  • Plugin resolves, downloads, and installs successfully.
  • openclaw plugins list shows the plugin as loaded.

Actual Result

🦞 OpenClaw 2026.4.24 (cbcfdf6)
Resolving clawhub:@openclaw/microsoft-speech…
fetch failed | other side closed

  • The outbound connection to clawhub is silently dropped.
  • Plugin is never downloaded or installed.
  • No actionable error message is shown to the user (no indication that a network policy is blocking the request).
  • openclaw plugins list does not show the plugin.

Root Cause (Hypothesis)

The default sandbox network policy does not include clawhub in its egress allowlist. The OPA engine denies the outbound connection, resulting in fetch failed | other side closed. This is consistent with other denied egress seen in the same session:

[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> openrouter.ai:443           [policy:- engine:opa]
[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> raw.githubusercontent.com:443 [policy:- engine:opa]

The clawhub endpoint is treated the same as any other non-allowlisted egress target.

Impact

  • Users on versions where a plugin is not bundled as stock (e.g., older versions, or plugins added after the release) have no way to install plugins from inside a sandbox without manually modifying the network policy.
  • The error message fetch failed | other side closed gives no indication that a policy is blocking the request, making it hard to diagnose.
  • Plugin ecosystem is effectively inaccessible inside sandboxes with default policy presets.

Suggested Fixes

Two viable options (not mutually exclusive):

  1. Add clawhub to the default egress allowlist so openclaw plugins install works out of the box inside any sandbox.
  2. Bundle all first-party plugins as stock in every OpenClaw release so users never need to reach clawhub for NVIDIA/OpenClaw-published plugins. (Partial fix already present in 2026.4.24 for @openclaw/microsoft-speech.)

Improve the error message — when the network policy blocks clawhub, surface a clear message like:

Error: Could not reach clawhub. Your sandbox network policy may be blocking outbound access.
Run 'nemoclaw <sandbox> policy edit' to allow clawhub, or install the plugin from the host.

Logs

OCSF deny lines (representative of the same egress-block pattern):

[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> openrouter.ai:443           [policy:- engine:opa]
[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> raw.githubusercontent.com:443 [policy:- engine:opa]
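
The triage this issue implies, as an added example that is not part of the original issue and is not NemoClaw or OpenClaw code: parse OCSF deny lines in the layout quoted above and correlate them with the host a failed fetch was targeting. The hostname `clawhub-registry.example` and all function names are assumptions; the issue does not state the registry's hostname.

```python
import re
from collections import Counter

# Matches the deny-line layout quoted in this issue, e.g.
# [sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> openrouter.ai:443 [policy:- engine:opa]
DENY_RE = re.compile(
    r"\[OCSF\]\s+NET:OPEN\s+\[(?P<sev>\w+)\]\s+DENIED\s+(?P<proc>\S+)\s+->\s+"
    r"(?P<host>[^\s:]+):(?P<port>\d+)\s+\[policy:(?P<policy>\S+)\s+engine:(?P<engine>\w+)\]"
)

def parse_denies(log_text):
    """Return one dict per egress deny found in the log text."""
    events = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events

def denied_destinations(log_text):
    """Count denies per host:port so missing allowlist entries stand out."""
    return Counter(f"{e['host']}:{e['port']}" for e in parse_denies(log_text))

def explain_fetch_failure(target_host, log_text, sandbox="<sandbox>"):
    """Turn a generic fetch failure into a policy hint when a deny matches."""
    hits = [e for e in parse_denies(log_text) if e["host"].lower() == target_host.lower()]
    if not hits:
        return None  # no matching deny: the failure has some other cause
    e = hits[0]
    # The 'policy edit' command is the one named in the issue's suggested message.
    return (f"Could not reach {e['host']}:{e['port']} (egress denied by {e['engine']} "
            f"for {e['proc']}, {len(hits)} attempt(s)). "
            f"Run 'nemoclaw {sandbox} policy edit' to allow it.")

# Constructed sample log. REGISTRY_HOST is a placeholder hostname (assumption).
REGISTRY_HOST = "clawhub-registry.example"
SAMPLE_LOG = """\
[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> openrouter.ai:443           [policy:- engine:opa]
[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> clawhub-registry.example:443 [policy:- engine:opa]
[sandbox] [OCSF] NET:OPEN [MED] DENIED /usr/local/bin/node -> clawhub-registry.example:443 [policy:- engine:opa]
[sandbox] unrelated line that is not an OCSF deny
"""

if __name__ == "__main__":
    print(denied_destinations(SAMPLE_LOG).most_common())
    print(explain_fetch_failure(REGISTRY_HOST, SAMPLE_LOG, sandbox="my-sandbox"))
```

A `None` result means no deny was logged for that host, so the fetch failure should be investigated as something other than policy.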

Metadata

Labels

  • NV QA (Bugs found by the NVIDIA QA Team)
  • PRR (PRR recommendation tracking)
  • area: cli (Command line interface, flags, terminal UX, or output)
  • area: policy (Network policy, egress rules, presets, or sandbox policy)
  • area: sandbox (OpenShell sandbox lifecycle, runtime, config, or recovery)
  • integration: openclaw (OpenClaw integration behavior)