Running Autonomous AI Safely with NVIDIA NemoClaw

How NemoClaw integrates OpenClaw with NVIDIA OpenShell to create secure, policy-driven sandboxes for always-on AI assistants.

Tags: AI, NVIDIA, OpenClaw, Security, Automation

The rise of open-source, action-oriented AI frameworks like OpenClaw has been incredible for productivity. We finally have models that can read files, write code, and navigate the web on our behalf. But handing an LLM unrestricted access to your local filesystem and network is a massive security risk.

This is exactly the problem that NVIDIA NemoClaw solves.

What is NemoClaw?

NemoClaw is an open-source plugin and runtime stack built by NVIDIA. It acts as a secure wrapper around OpenClaw by running it inside NVIDIA OpenShell, a sandboxed environment designed specifically for autonomous agents.

Instead of letting an AI agent run wild on your host OS, NemoClaw restricts its capabilities using strict declarative policies.

The Security Architecture

When you run an agent via NemoClaw, it operates under several distinct protection layers:

1. The Filesystem Sandbox

NemoClaw uses kernel-level isolation (like Landlock) to ensure the AI cannot read or write anything outside of /sandbox and /tmp. Even if the agent hallucinates or is maliciously prompt-injected, your source code and SSH keys remain untouched.

2. Network Egress Control

By default, the agent's network access is locked down. If the AI tries to make an outbound connection to an unauthorized IP or domain, OpenShell intercepts the request. The operator is then notified via a Terminal UI (TUI) and can approve or deny the connection in real time.
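The default-deny decision flow described above can be modeled in a few lines. This is an added illustration, not NemoClaw or OpenShell code; the class, field names and rule syntax are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

ALLOW, DENY, ASK = "allow", "deny", "ask-operator"

@dataclass
class EgressPolicy:
    """Default-deny egress model. Field names are hypothetical, not OpenShell's schema."""
    allowed_domains: set = field(default_factory=set)   # exact host or "*.suffix"
    allowed_cidrs: list = field(default_factory=list)   # e.g. "203.0.113.0/24"
    operator_decisions: dict = field(default_factory=dict)  # (host, port) -> ALLOW/DENY

    def _preauthorized(self, host):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None  # not an IP literal, treat as a hostname
        if ip is not None:
            return any(ip in ipaddress.ip_network(c) for c in self.allowed_cidrs)
        for rule in self.allowed_domains:
            # "*.example.com" matches subdomains only; the leading dot is kept so
            # "evilexample.com" cannot match by plain suffix comparison.
            if rule.startswith("*.") and host.endswith(rule[1:]):
                return True
            if host == rule:
                return True
        return False

    def decide(self, host, port):
        host = host.lower().rstrip(".")
        if self._preauthorized(host):
            return ALLOW
        # Unknown destination: reuse the operator's earlier answer, else hold the
        # connection until the operator approves or denies it.
        return self.operator_decisions.get((host, port), ASK)

    def record_operator_decision(self, host, port, decision):
        self.operator_decisions[(host.lower().rstrip("."), port)] = decision

# Constructed sample policy and connection attempts (documentation-range addresses).
policy = EgressPolicy(allowed_domains={"*.example.com", "api.example.org"},
                      allowed_cidrs=["203.0.113.0/24"])
if __name__ == "__main__":
    for dest in [("cdn.example.com", 443), ("evilexample.com", 443),
                 ("203.0.113.7", 443), ("198.51.100.9", 22)]:
        print(dest, "->", policy.decide(*dest))
```

Anything not matched by a rule falls through to the operator prompt rather than being allowed, and a recorded answer applies only to that exact host and port.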

3. Centralized Inference Routing

Instead of the agent directly managing API keys and calling out to LLM providers, NemoClaw intercepts all inference calls. It securely routes these requests through the OpenShell gateway to NVIDIA's cloud models (like nvidia/nemotron-3-super-120b-a12b). The actual API keys are kept safely on the host, invisible to the sandbox.

Deploying a Secure Assistant

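Getting started with NemoClaw is surprisingly straightforward. The installation script handles the Node.js dependencies, Docker containers, and the OpenShell runtime. The script runs on the host, outside any sandbox, so save it to a file and read it first if you want to review what it changes: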

```bash
curl -fsSL https://nvidia.com/nemoclaw.sh | bash
```

Once installed, you use the nemoclaw CLI to manage your sandboxes. You can drop into an interactive chat interface seamlessly:

```bash
nemoclaw my-assistant connect
openclaw tui
```

Why This Matters

As developers, we are eager to adopt "agentic" workflows. Having an AI that can autonomously refactor code or manage infrastructure is the holy grail. But enterprise adoption has stalled precisely because of security concerns.

NemoClaw represents a critical maturation in the AI ecosystem. By providing a versioned, policy-enforced blueprint for agent execution, NVIDIA is making it safe to finally deploy always-on assistants in production environments.

erginos.io — 2026