diff --git a/docs/reference/network-policies.md b/docs/reference/network-policies.md
index bfbe74e2..512251c2 100644
--- a/docs/reference/network-policies.md
+++ b/docs/reference/network-policies.md
@@ -88,8 +88,8 @@ The following endpoint groups are allowed by default:
 
 * - `npm_registry`
   - `registry.npmjs.org:443`
-  - `/usr/local/bin/openclaw`, `/usr/local/bin/npm`
-  - GET only
+  - `/usr/local/bin/openclaw`, `/usr/local/bin/npm`, `/usr/local/bin/node`
+  - All methods, all paths
 
 * - `telegram`
   - `api.telegram.org:443`
diff --git a/nemoclaw-blueprint/policies/openclaw-sandbox.yaml b/nemoclaw-blueprint/policies/openclaw-sandbox.yaml
index 3e3d1cd9..10cd0a79 100644
--- a/nemoclaw-blueprint/policies/openclaw-sandbox.yaml
+++ b/nemoclaw-blueprint/policies/openclaw-sandbox.yaml
@@ -156,6 +156,7 @@ network_policies:
     binaries:
       - { path: /usr/local/bin/openclaw }
       - { path: /usr/local/bin/npm }
+      - { path: /usr/local/bin/node }
 
   # ── Messaging — pre-allowed for agent notifications ────────────
   # Telegram and Discord are open by default so the agent can send