OPENCLAW · LIVEThe agent surface

Run OpenClaw.Contain the blast radius.

A hijacked agent reaches nothing it shouldn't. OpenClaw runs in a disposable cloud sandbox. It never sees your credentials, cookies, or machine. One click to start. One click to destroy.

Get early access See how it works

no cli. no docker. no api keys.

openclaw.sessionDESTROYED

openclaw.spawn --burn-on-close

agent: claude / scope: legba.app

task: download the statement

status: complete

session destroyed. no trace.

agent templates3 total

OpenClawComputer-use agent
LIVE
SWE-AgentSoftware engineering agent
SOON
OpenHandsSoftware development agent
SOON

[ HOW IT WORKS ]

Three clicks. That's it.

Spawn the sandbox, run the agent, burn it on close. The whole lifecycle takes about as long as opening your IDE.

Pick an agent.

Choose a pre-loaded template. OpenClaw is live now. SWE-Agent and OpenHands are coming next. No install. No config.

Run it contained.

The agent gets full access inside an isolated sandbox. It never sees your credentials, cookies, or machine. A prompt injection has nowhere to go.

Burn it on close.

When you're done, destroy it. One click and the whole environment is gone. No lingering data. No cleanup. No trail.

[ WHY CONTAINMENT ]

Contain the agent.
Not your terminal.

Infra tools sell you scale. Legba contains the agent. One column is the setup you already run. One is the isolated browser for AI agents that Legba ships.

SELF-HOSTEDon your machine

Install Docker, Node, and Python dependencies
Configure API keys and environment variables
Debug port conflicts and permission errors
The agent runs against your real filesystem
A prompt injection reaches your live credentials
Tear down containers and hope nothing persisted

ON LEGBAcontained

Click "Launch" and the session is running
Pre-configured. Ready to run immediately
Every session is isolated in the cloud
The agent has zero access to your real machine
A hijacked agent reaches nothing it shouldn't
Click "Destroy" and it's gone on close

[ OPENCLAW SANDBOX ]

Full system access. Total isolation. Gone on close.

OpenClaw and Legba logos on a dark circuit board background representing AI agent security containment

Access anything.
Expose nothing.

Run Claude computer use safely. The agent gets full system access inside the sandbox. It can write code, run scripts, and install packages. It cannot touch your machine, your credentials, or your cookies. One click destroys the session. No artifacts. No residue.

Full system access inside the sandbox
Zero access to your real machine, credentials, or cookies
Prompt injection stays contained in the session
Destroyed on close. No agent with persistent cookies.

[ PRICING ]

Start free.
Burn every session.

No hidden fees. Every plan runs in full isolation, with one-click teardown and no persistence.

Tier 01

Free

Run an agent in a disposable sandbox. See what it can do.

1 session at a time
30-minute session limit
OpenClaw template
Full isolation

Tier 02MOST POPULAR

Pro

For builders who run agents every day.

$50/mo

3 concurrent sessions
4-hour session limit
All agent templates
Workspace snapshots
Priority environment spin-up

Related surfaces

OpenClaw is one Legba surface, not a disconnected microsite.

OpenClaw is the contained-agent surface inside the larger Legba product family. Use the related pages below to evaluate browser isolation, MSP rollout, and the research behind agent containment.

Containment01