NVIDIA NemoClaw is an open source stack that simplifies running OpenClaw always-on assistants safely. It installs the NVIDIA OpenShell runtime, part of NVIDIA Agent Toolkit, a secure environment for running autonomous agents, with inference routed through NVIDIA cloud.
Alpha software
NemoClaw is early-stage. Expect rough edges. We are building toward production-ready sandbox orchestration, but the starting point is getting your own environment up and running. Interfaces, APIs, and behavior may change without notice as we iterate on the design. The project is shared to gather feedback and enable early experimentation, but it should not yet be considered production-ready. We welcome issues and discussion from the community while the project evolves.
Follow these steps to get started with NemoClaw and your first sandboxed OpenClaw agent.
Note
NemoClaw currently requires a fresh installation of OpenClaw.
Check the prerequisites before you start to ensure you have the necessary software and hardware to run NemoClaw.
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 4 vCPU | 4+ vCPU |
| RAM | 8 GB | 16 GB |
| Disk | 20 GB free | 40 GB free |
The sandbox image is approximately 2.4 GB compressed. During image push, the Docker daemon, k3s, and the OpenShell gateway run alongside the export pipeline, which buffers decompressed layers in memory. On machines with less than 8 GB of RAM, this combined usage can trigger the OOM killer. If you cannot add memory, configuring at least 8 GB of swap can work around the issue at the cost of slower performance.
| Dependency | Version |
|---|---|
| Linux | Ubuntu 22.04 LTS or later |
| Node.js | 20 or later |
| npm | 10 or later |
| Docker | Installed and running |
| OpenShell | Installed |
Download and run the installer script. The script installs Node.js if it is not already present, then runs the guided onboard wizard to create a sandbox, configure inference, and apply security policies.
$ curl -fsSL https://nvidia.com/nemoclaw.sh | bashWhen the install completes, a summary confirms the running environment:
──────────────────────────────────────────────────
Sandbox my-assistant (Landlock + seccomp + netns)
Model nvidia/nemotron-3-super-120b-a12b (NVIDIA Cloud API)
──────────────────────────────────────────────────
Run: nemoclaw my-assistant connect
Status: nemoclaw my-assistant status
Logs: nemoclaw my-assistant logs --follow
──────────────────────────────────────────────────
[INFO] === Installation complete ===
Connect to the sandbox, then chat with the agent through the TUI or the CLI.
$ nemoclaw my-assistant connectThe OpenClaw TUI opens an interactive chat interface. Type a message and press Enter to send it to the agent:
sandbox@my-assistant:~$ openclaw tuiSend a test message to the agent and verify you receive a response.
Use the OpenClaw CLI to send a single message and print the response:
sandbox@my-assistant:~$ openclaw agent --agent main --local -m "hello" --session-id testNemoClaw installs the NVIDIA OpenShell runtime and Nemotron models, then uses a versioned blueprint to create a sandboxed environment where every network request, file access, and inference call is governed by declarative policy. The nemoclaw CLI orchestrates the full stack: OpenShell gateway, sandbox, inference provider, and network policy.
| Component | Role |
|---|---|
| Plugin | TypeScript CLI commands for launch, connect, status, and logs. |
| Blueprint | Versioned Python artifact that orchestrates sandbox creation, policy, and inference setup. |
| Sandbox | Isolated OpenShell container running OpenClaw with policy-enforced egress and filesystem. |
| Inference | NVIDIA cloud model calls, routed through the OpenShell gateway, transparent to the agent. |
The blueprint lifecycle follows four stages: resolve the artifact, verify its digest, plan the resources, and apply through the OpenShell CLI.
When something goes wrong, errors may originate from either NemoClaw or the OpenShell layer underneath. Run nemoclaw <name> status for NemoClaw-level health and openshell sandbox list to check the underlying sandbox state.
Inference requests from the agent never leave the sandbox directly. OpenShell intercepts every call and routes it to the NVIDIA cloud provider.
| Provider | Model | Use Case |
|---|---|---|
| NVIDIA cloud | nvidia/nemotron-3-super-120b-a12b |
Production. Requires an NVIDIA API key. |
Get an API key from build.nvidia.com. The nemoclaw onboard command prompts for this key during setup.
The sandbox starts with a strict baseline policy that controls network egress and filesystem access:
| Layer | What it protects | When it applies |
|---|---|---|
| Network | Blocks unauthorized outbound connections. | Hot-reloadable at runtime. |
| Filesystem | Prevents reads/writes outside /sandbox and /tmp. |
Locked at sandbox creation. |
| Process | Blocks privilege escalation and dangerous syscalls. | Locked at sandbox creation. |
| Inference | Reroutes model API calls to controlled backends. | Hot-reloadable at runtime. |
When the agent tries to reach an unlisted host, OpenShell blocks the request and surfaces it in the TUI for operator approval.
Run these on the host to set up, connect to, and manage sandboxes.
| Command | Description |
|---|---|
nemoclaw onboard |
Interactive setup wizard: gateway, providers, sandbox. |
nemoclaw deploy <instance> (experimental) |
Deploy to a remote GPU instance through Brev. |
nemoclaw <name> connect |
Open an interactive shell inside the sandbox. |
openshell term |
Launch the OpenShell TUI for monitoring and approvals. |
nemoclaw start / stop / status |
Manage auxiliary services (Telegram bridge, tunnel). |
Run these inside the OpenClaw CLI. These commands are under active development and may not all be functional yet.
| Command | Description |
|---|---|
openclaw nemoclaw launch [--profile ...] |
Bootstrap OpenClaw inside an OpenShell sandbox. |
openclaw nemoclaw status |
Show sandbox health, blueprint state, and inference. |
openclaw nemoclaw logs [-f] |
Stream blueprint execution and sandbox logs. |
See the full CLI reference for all commands, flags, and options.
Known limitations:
- The
openclaw nemoclawplugin commands are under active development. Use thenemoclawhost CLI as the primary interface.- Setup may require manual workarounds on some platforms. File an issue if you encounter blockers.
Refer to the documentation for more information on NemoClaw.
This project is licensed under the Apache License 2.0.