NVIDIA NemoClaw provides an open-source stack to simplify the secure installation and operation of OpenClaw always-on assistants. It targets engineers and researchers needing a robust, sandboxed environment for autonomous AI agents, routing inference through NVIDIA's cloud infrastructure. The primary benefit is enabling safe, policy-governed execution of AI agents with simplified setup and managed security.

How It Works

NemoClaw installs the NVIDIA OpenShell runtime and Nemotron models, creating a secure, sandboxed environment orchestrated by a versioned blueprint. This approach ensures all agent interactions—network requests, file access, and inference calls—are governed by declarative policies. The nemoclaw CLI manages the entire stack, including the OpenShell gateway, sandbox, inference provider, and network policy. Inference requests are intercepted by OpenShell and transparently routed to NVIDIA cloud providers, offering a controlled execution model.

Quick Start & Requirements

Installation is initiated via a curl command: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash.

Prerequisites include:

• Hardware: Minimum 4 vCPU, 8 GB RAM (16 GB recommended), 20 GB disk space (40 GB recommended).
• Software: Linux (Ubuntu 22.04+), Node.js (v20+), npm (v10+), a supported container runtime (Docker is primary on Linux/WSL; Colima/Docker Desktop on macOS), and OpenShell installed.
• Credentials: An NVIDIA API key (obtainable from build.nvidia.com) is required for cloud inference.

The installation script runs a guided wizard to set up the sandbox, configure inference, and apply security policies.

Highlighted Details

• Security Layers: Implements strict baseline policies for network egress (blocking unauthorized connections, allowing operator approval), filesystem access (restricted to /sandbox and /tmp), process execution (preventing privilege escalation), and inference (rerouting API calls to controlled backends).
• Inference: Primarily leverages NVIDIA cloud models like nvidia/nemotron-3-super-120b-a12b via API key. Local inference options are experimental.
• Orchestration: The nemoclaw CLI provides comprehensive management of the OpenShell gateway, sandbox, inference, and network policies.

Maintenance & Community

NemoClaw is currently alpha software, described as early-stage with potential rough edges and interfaces subject to change without notice. It is shared to gather feedback, and the project welcomes community issues and discussions. Specific community links (e.g., Discord, Slack) or roadmap details are not provided in the README.

Licensing & Compatibility

This project is licensed under the Apache License 2.0. This license generally permits commercial use and integration with closed-source projects without significant restrictions.

Limitations & Caveats

As alpha software, NemoClaw is not production-ready and may exhibit instability or require manual workarounds on certain platforms. The openclaw nemoclaw plugin commands are under active development and may not be fully functional, with the nemoclaw host CLI serving as the primary interface. macOS users should note that Podman is not yet supported. Systems with less than 8 GB of RAM may encounter Out-Of-Memory errors during image operations, though swap space can mitigate this at the cost of performance.