env(1) is obviously a program falling into pledge "stdio exec". It

env(1) is obviously a program falling into pledge "stdio exec".  It
does stdio, and it does a raw execve().  It is so obvious.  It gets
only _exit(2), kbind(2), and 46 system calls -- over half of which
are deeply gutted in their functionality to only serve narrow libc
needs for "stdio (includes malloc)".  the other 161 system calls kill it.