Whilst it is safer to run inside a Vm/container, it doesn't make it safe.

Yes, having your entire filesystem deleted is much less likely now (bonus points for zfs snapshots of the image for each operation) Your context is still vulnerable, as anything the VM has access too.

Interesting. Im looking for solution to run multiple OpenClaw bots in the cloud, with security and isolation in mind.