Initial commit: OpenClaw Skill Collection

6 custom skills (assign-task, dispatch-webhook, daily-briefing,
task-capture, qmd-brain, tts-voice) with technical documentation.
Compatible with Claude Code, OpenClaw, Codex CLI, and OpenCode.

openclaw-knowhow-skill/docs/infrastructure/install/docker.md

@@ -0,0 +1,37 @@
+# Docker Documentation - OpenClaw
+
+## Overview
+
+OpenClaw's Docker support is optional. Docker is **optional**. Use it only if you want a containerized gateway or to validate the Docker flow.
+
+## Key Use Cases
+
+Docker suits you if you need isolation or want to avoid local installations. The guide covers two main scenarios:
+
+1. **Containerized Gateway** - Full OpenClaw running in Docker
+2. **Agent Sandbox** - Host gateway with Docker-isolated agent tools
+
+## Quick Start
+
+The recommended approach uses a setup script that builds the gateway image, runs onboarding, and starts services via Docker Compose. After completion, users access the Control UI at `http://127.0.0.1:18789/`.
+
+## Configuration Options
+
+The documentation provides several optional environment variables:
+
+- `OPENCLAW_DOCKER_APT_PACKAGES` - Install system packages during build
+- `OPENCLAW_EXTRA_MOUNTS` - Add additional bind mounts
+- `OPENCLAW_HOME_VOLUME` - Persist container home directory
+
+## Agent Sandboxing
+
+When enabled, non-main sessions run tools inside isolated Docker containers while the gateway remains on the host. Key features include:
+
+- Configurable scope (per-session or per-agent)
+- Workspace access controls (none, read-only, read-write)
+- Tool allow/deny policies
+- Auto-pruning of idle containers
+
+## Security Considerations
+
+The default image runs as non-root user for security. Hard isolation only applies to **tools** (exec/read/write/edit/apply_patch) and allowing browser access in sandbox breaks isolation.