SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. SPDX-License-Identifier: Apache-2.0 --> NVIDIA NemoClaw is an open source reference stack for running always-on AI agents more safely inside NVIDIA OpenShell sandboxes. It provides guided onboarding, a hardened blueprint, routed inference, network policy, and lifecycle management through a single CLI. For capabilities, architecture, security controls, and the full feature list, see the NemoClaw documentation.
NVIDIA NemoClaw: Reference Stack for Sandboxed AI Agents in OpenShell
NVIDIA NemoClaw is an open source reference stack for running always-on AI agents more safely inside NVIDIA OpenShell sandboxes. It provides guided onboarding, a hardened blueprint, routed inference, network policy, and lifecycle management through a single CLI.
Supported agents:
For capabilities, architecture, security controls, and the full feature list, see the NemoClaw documentation.
Get Started
Review Prerequisites before installing.
For Hermes, set NEMOCLAW_AGENT=hermes before running the installer, or use the nemohermes alias after install.
| Agent | Guide |
|---|---|
| OpenClaw (default) | Quickstart with OpenClaw |
| Hermes | Quickstart with Hermes |
Documentation
Refer to the following pages on the official documentation website for more information on NemoClaw.
| Page | Description |
|---|---|
| Overview | What NemoClaw does and how it fits together. |
| Architecture Overview | High-level overview of Plugin, blueprint, sandbox lifecycle, and protection layers. |
| Ecosystem | How OpenClaw, OpenShell, and NemoClaw form a stack and when to use NemoClaw versus OpenShell alone. |
| Architecture Details | Detailed description of Plugin structure, blueprint lifecycle, sandbox environment, and host-side state. |
| Prerequisites | Hardware, software, and supported platforms, with any platform-specific pre-setup. |
| Inference Options | Supported providers, validation, and routed inference configuration. |
| Network Policies | Baseline rules, operator approval flow, and egress control. |
| Customize Network Policy | Static and dynamic policy changes, presets. |
| Security Best Practices | Controls reference, risk framework, and posture profiles for sandbox security. |
| Sandbox Hardening | Container security measures, capability drops, process limits. |
| CLI Commands | Full NemoClaw CLI command reference. |
| Troubleshooting | Common issues and resolution steps. |
Community
Join the NemoClaw community to ask questions, share feedback, and report issues. NemoClaw is an alpha project, so maintainers review issues, discussions, and pull requests on a best effort basis without guaranteed response timelines.
| Need | Channel |
|---|---|
| Setup or usage questions | GitHub Discussions or Discord |
| Reproducible bugs | GitHub Issues |
| Feature proposals | Start with GitHub Discussions, then open an issue when the scope is clear |
| Current priorities | Current Priorities |
| Contribution help | CONTRIBUTING.md |
| Security vulnerabilities | Use the private channels in SECURITY.md; do not open public issues |
Contributing
We welcome contributions. See CONTRIBUTING.md for development setup, coding standards, and the PR process.
Security
NVIDIA takes security seriously. If you discover a vulnerability in NemoClaw, DO NOT open a public issue. Use one of the private reporting channels described in SECURITY.md:
- Submit a report through the NVIDIA Vulnerability Disclosure Program.
- Send an email to psirt@nvidia.com encrypted with the NVIDIA PGP key.
- Use GitHub's private vulnerability reporting to submit a report directly on this repository.
For security bulletins and PSIRT policies, visit the NVIDIA Product Security portal.
Current Priorities
NemoClaw's current priorities are maintained here as a public orientation point for contributors and community members. This list is not a delivery commitment, support promise, or fixed roadmap; priorities can change as maintainers respond to security, quality, platform readiness, and community feedback.
- Improve install and onboarding reliability across tested platforms.
- Strengthen sandbox hardening, credential handling, and network-policy defaults.
- Validate local and routed inference behavior for supported provider paths.
- Keep documentation, troubleshooting guidance, and agent skills aligned with supported workflows.
For specific scoped work, use GitHub Issues and start broader proposals in GitHub Discussions. Security vulnerabilities must use the private reporting channels in SECURITY.md, not public issues.
Notice and Disclaimer
This software automatically retrieves, accesses or interacts with external materials. Those retrieved materials are not distributed with this software and are governed solely by separate terms, conditions and licenses. You are solely responsible for finding, reviewing and complying with all applicable terms, conditions, and licenses, and for verifying the security, integrity and suitability of any retrieved materials for your specific use case. This software is provided "AS IS", without warranty of any kind. The author makes no representations or warranties regarding any retrieved materials, and assumes no liability for any losses, damages, liabilities or legal consequences from your use or inability to use this software or any retrieved materials. Use this software and the retrieved materials at your own risk.
License
Apache 2.0. See LICENSE.
What people are saying
“NemoClaw v0.0.64 is out! — NemoClaw v0.0.64 is a stability release for the paths where sandboxes need to survive real-world drift: plugin catalogs moving ahead of pinned hosts, custom policies moving through snapshot res…”
GH↑ 5cv↗
“Separating Governance, Reasoning, and Execution in Local Agent Systems — I have been following the OpenShell / NemoClaw discussions closely, and I wanted to explain the architectural direction I have been exploring and w…”
GH↑ 1ljefford2-cmyk↗
“NemoClaw v0.0.59 is out — NemoClaw v0.0.59 is a broad patch release focused on keeping always-on agent sandboxes predictable as the OpenClaw, OpenShell, and local-inference layers keep moving. The release tightens OpenCl…”
GH↑ 6cv↗
“Differences between exploration systems and execution systems. — I’ve been following the NeMoClaw/OpenClaw discussions with interest, especially around sandboxing, prompt injection, memory poisoning, permission escalatio…”
GH↑ 1ljefford2-cmyk↗
“NemoClaw v0.0.63 is out — NemoClaw v0.0.63 is out NemoClaw v0.0.63 is a stability-focused patch release that tightens the boundary between preserved user state, sandbox recovery, and runtime safety. The release improves…”
GH↑ 4jyaunches↗
“Industrial Software Leaders Build Secure, Autonomous AI Engineers With NVIDIA NemoClaw - NVIDIA Blog — NVIDIA Blog”
NEWSNVIDIA Blog↗
“Advantech empowers the “AI Factory Brain” with NVIDIA’s NemoClaw - Design World — Design World”
NEWSDesign World↗
“Nvidia NemoClaw: What it is and how to try it - Mashable — Mashable”
NEWSMashable↗
You might also like
AI
career ops
Companies use AI to filter candidates. I just gave candidates AI to choose companies. Career-Ops (career-ops.org, also known as careerops) turns any AI coding CLI into a full job search command center. Instead of manually tracking applications in a spreadsheet, you get an AI-powered pipeline that: Career-ops is agentic: Claude Code navigates career pages with Playwright, evaluates fit by reasoning about your CV vs the job description (not keyword matching), and adapts your resume per listing.
AI
CLI Anything
CLI-Anything: Bridging the Gap Between AI Agents and the World's Software 🌐 CLI-Hub: pip install cli-anything-hub then cli-hub install — browse, install, and manage all community-built CLIs. Want to add your own? Open a PR — the hub updates instantly. 🎬 See Demos: Watch AI agents use generated CLIs plus preview, live preview, and trajectory loops to produce real artifacts — CAD builds, 3D scenes, diagrams, gameplay, subtitles, and more.
AI
odysseus
A self-hosted AI workspace -- meant to be the self-hosted version of the UI experience you get from ChatGPT and Claude. But with more jank and fun. Running on your own hardware, with your own data -- local-first, privacy-first, and no trojan. A full, hover-to-play tour lives on the landing page (docs/index.html). Defaults work out of the box: clone, run, then configure models/search/email inside Settings. Only edit .env for deployment-level overrides like APPBIND, APPPORT, AUTHENABLED, DATABASEURL, or a pre-seeded admin password.
AI
ai engineering from scratch
Most AI material teaches in scattered pieces. A paper here, a fine-tuning post there, a flashy agent demo somewhere else. The pieces rarely line up. You ship a chatbot but can't explain its loss curve. You hook a function to an agent but can't say what attention does inside the model that's calling it. This curriculum is the spine. 20 phases, 503 lessons, four languages: Python, TypeScript, Rust, Julia. Linear algebra at one end, autonomous swarms at the other. Every algorithm gets built from raw math first. Backprop. Tokenizer. Attention. Agent loop. By the time PyTorch shows up, you already know what it's doing under the hood. Each lesson runs the same loop: read the problem, derive the math, write the code, run the test, keep the artifact. No five-minute videos, no copy-paste deploys,