Summary

When running with sandbox.mode: "all", the agent cannot access scheduling tools (cron) from within the sandbox container. This means the agent cannot autonomously create, modify, or delete cron jobs — a core capability for a personal assistant workflow.

Current Behavior

• cron is in the sandbox tool policy deny list by default
• The openclaw CLI is not available inside the container
• The agent must ask the user to manually run openclaw cron add ... on the host

Expected Behavior

The agent should be able to manage cron jobs from within a sandboxed session, either by:

1. Adding cron to the sandbox tool allow list (Gateway-side RPC, no host CLI needed), or
2. Exposing a scheduling API endpoint accessible from the sandbox container

Motivation

Sandboxing is meant to isolate filesystem and process execution, not to prevent the agent from managing its own scheduled tasks. Cron jobs are a Gateway-level abstraction (not host processes), so there is no security reason to block them from sandboxed sessions.

A personal assistant that cannot set its own reminders or periodic checks without user intervention loses a key workflow.

Environment

• OpenClaw: 2026.2.26
• Sandbox mode: all, scope: agent
• OS: Ubuntu 24.04 (Linux 6.8.0)