For the time being I would not trust any sandboxed agent on a machine I also use otherwise.
I do fully understand the issues described in the discussion link that you sent.
Just my opinion:
Use openclaw - which in fact is a security nightmare. Therefore install it on a separate machine and set up a proper hardware firewall around it. Sandboxing will drive you crazy - either you are getting security issues or you cripple the agent too much in its abilities.
You can find a short description of my setup here: OpenClaw on several GPUs