NVIDIA NemoClaw is an open-source reference stack for running always-on artificial intelligence agents more safely inside NVIDIA OpenShell sandboxes. The project combines guided onboarding, a hardened blueprint, routed inference, network policy, and lifecycle management through a command-line interface. Supported agents include OpenClaw as the default option and Hermes, which can be selected by setting NEMOCLAW_AGENT=hermes before running the installer or by using the nemohermes alias after installation.
The stack is documented around its plugin structure, blueprint lifecycle, sandbox environment, host-side state, and protection layers. Its documentation covers prerequisites, inference options, network policies, customized policy changes, security best practices, sandbox hardening, command-line commands, and troubleshooting. NemoClaw is positioned as part of an ecosystem with OpenClaw and OpenShell, including guidance on when to use NemoClaw instead of OpenShell alone.
Security is central to the project. NemoClaw includes baseline network rules, an operator approval flow, egress control, and sandbox hardening measures such as container security controls, capability drops, and process limits. Current priorities include improving install and onboarding reliability across tested platforms; strengthening sandbox hardening, credential handling, and network-policy defaults; validating local and routed inference behavior for supported provider paths; and keeping documentation, troubleshooting guidance, and agent skills aligned with supported workflows.
NemoClaw is described as an alpha project, with maintainers reviewing issues, discussions, and pull requests on a best-effort basis without guaranteed response timelines. Setup and usage questions are directed to GitHub Discussions or Discord, reproducible bugs to GitHub Issues, and broader feature proposals to GitHub Discussions before an issue is opened. Security vulnerabilities must be reported through private channels listed in SECURITY.md, including the NVIDIA Vulnerability Disclosure Program, encrypted email to [email protected], or GitHub private vulnerability reporting.
