NVIDIA / NemoClaw

NVIDIA plugin for secure installation of OpenClaw

3,357 stars
378 forks
173 issues
Languages: TypeScript, JavaScript, Shell


Repository Overview (README excerpt)

# NVIDIA NemoClaw: OpenClaw Plugin for OpenShell

NVIDIA NemoClaw is an open source stack that simplifies running OpenClaw always-on assistants safely. It installs the NVIDIA OpenShell runtime, part of NVIDIA Agent Toolkit, a secure environment for running autonomous agents, with inference routed through NVIDIA cloud.

> **Alpha software**
>
> NemoClaw is early-stage. Expect rough edges. We are building toward production-ready sandbox orchestration, but the starting point is getting your own environment up and running.
> Interfaces, APIs, and behavior may change without notice as we iterate on the design.
> The project is shared to gather feedback and enable early experimentation, but it
> should not yet be considered production-ready.
> We welcome issues and discussion from the community while the project evolves.

---

## Quick Start

Follow these steps to get started with NemoClaw and your first sandboxed OpenClaw agent.

:::{note}
NemoClaw currently requires a fresh installation of OpenClaw.
:::

### Prerequisites

Check the prerequisites before you start to ensure you have the necessary software and hardware to run NemoClaw.

#### Software

- Linux Ubuntu 22.04 LTS releases and later
- Node.js 20+ and npm 10+ (the installer recommends Node.js 22)
- Docker installed and running
- NVIDIA OpenShell installed

### Install NemoClaw and Onboard OpenClaw Agent

Download and run the installer script. The script installs Node.js if it is not already present, then runs the guided onboard wizard to create a sandbox, configure inference, and apply security policies.

When the install completes, a summary confirms the running environment:

### Chat with the Agent

Connect to the sandbox, then chat with the agent through the TUI or the CLI.

#### OpenClaw TUI

The OpenClaw TUI opens an interactive chat interface. Type a message and press Enter to send it to the agent:

Send a test message to the agent and verify you receive a response.

#### OpenClaw CLI

Use the OpenClaw CLI to send a single message and print the response:

---

## How It Works

NemoClaw installs the NVIDIA OpenShell runtime and Nemotron models, then uses a versioned blueprint to create a sandboxed environment where every network request, file access, and inference call is governed by declarative policy. The CLI orchestrates the full stack: OpenShell gateway, sandbox, inference provider, and network policy.

| Component     | Role                                                                                       |
|---------------|--------------------------------------------------------------------------------------------|
| **Plugin**    | TypeScript CLI commands for launch, connect, status, and logs.                             |
| **Blueprint** | Versioned Python artifact that orchestrates sandbox creation, policy, and inference setup. |
| **Sandbox**   | Isolated OpenShell container running OpenClaw with policy-enforced egress and filesystem.  |
| **Inference** | NVIDIA cloud model calls, routed through the OpenShell gateway, transparent to the agent.  |

The blueprint lifecycle follows four stages: resolve the artifact, verify its digest, plan the resources, and apply through the OpenShell CLI.

When something goes wrong, errors may originate from either NemoClaw or the OpenShell layer underneath. Run for NemoClaw-level health and to check the underlying sandbox state.

---

## Inference

Inference requests from the agent never leave the sandbox directly. OpenShell intercepts every call and routes it to the NVIDIA cloud provider.

| Provider     | Model | Use Case                                |
|--------------|-------|-----------------------------------------|
| NVIDIA cloud |       | Production. Requires an NVIDIA API key. |

Get an API key from build.nvidia.com. The command prompts for this key during setup.
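
The four blueprint stages listed under How It Works, sketched as an added example; this is not NemoClaw's or OpenShell's code, and the `sha256:<hex>` pin format, the file name and all function names are assumptions. It reads the artifact once and hands the hashed bytes to `apply`, so nothing unverified is ever planned or applied.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

class DigestMismatch(Exception):
    """Artifact bytes do not match the pinned digest."""

def verify(data: bytes, pinned: str) -> str:
    """Return the verified digest, or raise before anything is planned."""
    m = re.fullmatch(r"sha256:([0-9a-f]{64})", pinned)
    if m is None:  # unknown algorithm, truncated, uppercase or empty pin
        raise DigestMismatch(f"malformed pin: {pinned!r}")
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, m.group(1)):
        raise DigestMismatch(f"pinned {m.group(1)[:12]}..., got {actual[:12]}...")
    return "sha256:" + actual

def run_lifecycle(path: Path, pinned: str, apply) -> dict:
    """resolve -> verify -> plan -> apply, in that order."""
    data = path.read_bytes()                      # resolve: read the artifact once
    digest = verify(data, pinned)                 # verify: fail closed on mismatch
    plan = {"digest": digest, "size": len(data)}  # plan: built from verified bytes
    apply(plan, data)                             # apply: gets the bytes that were hashed
    return plan

def demo() -> tuple:
    """Constructed artifact: one clean run, then a run after tampering."""
    applied = []
    with tempfile.TemporaryDirectory() as tmp:
        artifact = Path(tmp) / "blueprint.tar"    # hypothetical file name
        artifact.write_bytes(b"constructed blueprint v1")
        pin = "sha256:" + hashlib.sha256(b"constructed blueprint v1").hexdigest()
        clean = run_lifecycle(artifact, pin, lambda p, d: applied.append(p["digest"]))
        artifact.write_bytes(b"constructed blueprint v1 + extra step")
        try:
            run_lifecycle(artifact, pin, lambda p, d: applied.append("tampered"))
            blocked = False
        except DigestMismatch:
            blocked = True
    # (clean run matched the pin, tampered run was stopped, apply ran only once)
    return clean["digest"] == pin, blocked, applied == [pin]

if __name__ == "__main__":
    print(demo())
```
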

---

## Protection Layers

The sandbox starts with a strict baseline policy that controls network egress and filesystem access:

| Layer      | What it protects                                    | When it applies             |
|------------|-----------------------------------------------------|-----------------------------|
| Network    | Blocks unauthorized outbound connections.           | Hot-reloadable at runtime.  |
| Filesystem | Prevents reads/writes outside and .                 | Locked at sandbox creation. |
| Process    | Blocks privilege escalation and dangerous syscalls. | Locked at sandbox creation. |
| Inference  | Reroutes model API calls to controlled backends.    | Hot-reloadable at runtime.  |

When the agent tries to reach an unlisted host, OpenShell blocks the request and surfaces it in the TUI for operator approval.

---

## Key Commands

### Host commands ( )

Run these on the host to set up, connect to, and manage sandboxes.

| Command | Description                                            |
|---------|--------------------------------------------------------|
|         | Interactive setup wizard: gateway, providers, sandbox. |
|         | Deploy to a remote GPU instance through Brev.          |
|         | Open an interactive shell inside the sandbox.          |
|         | Launch the OpenShell TUI for monitoring and approvals. |
| / /     | Manage auxiliary services (Telegram bridge, tunnel).   |

### Plugin commands ( )

Run these inside the OpenClaw CLI. These commands are under active development and may not all be functional yet.

| Command | Description                                          |
|---------|------------------------------------------------------|
|         | Bootstrap OpenClaw inside an OpenShell sandbox.      |
|         | Show sandbox health, blueprint state, and inference. |
|         | Stream blueprint execution and sandbox logs.         |

See the full CLI reference for all commands, flags, and options.

> **Known limitations:**
> - The plugin commands are under active development. Use the host CLI as the primary interface.
> - Setup may require manual workarounds on some platforms. File an issue if you encounter blockers.
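
The default-deny egress behaviour described under Protection Layers (unlisted host blocked, surfaced for approval, policy reloadable at runtime), modelled as an added example rather than OpenShell's policy engine or policy format. The class, the exact host-and-port matching rule and the sample destinations are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

def norm(host: str) -> str:
    """Case and a trailing dot must not give one host two identities."""
    return host.strip().lower().rstrip(".")

@dataclass
class EgressPolicy:
    """Default-deny allowlist of exact (host, port) pairs (hypothetical model)."""
    allowed: set = field(default_factory=set)
    pending: list = field(default_factory=list)   # blocked, awaiting the operator

    def check(self, host: str, port: int) -> str:
        key = (norm(host), port)
        if key in self.allowed:
            return "allow"
        if key not in self.pending:               # queue each destination once
            self.pending.append(key)
        return "block"

    def approve(self, host: str, port: int) -> None:
        """Operator decision; only a destination that was actually blocked qualifies."""
        key = (norm(host), port)
        self.pending.remove(key)                  # ValueError if never requested
        self.allowed.add(key)                     # takes effect on the next check

def demo() -> list:
    policy = EgressPolicy(allowed={("build.nvidia.com", 443)})  # assumed baseline entry
    requests = [                                                # constructed traffic
        ("Build.NVIDIA.com.", 443),             # same host, different spelling
        ("build.nvidia.com", 8443),             # listed host, unlisted port
        ("build.nvidia.com.example.net", 443),  # lookalike that only shares a prefix
        ("example.org", 443),
        ("example.org", 443),                   # retry while still unapproved
    ]
    verdicts = [policy.check(h, p) for h, p in requests]
    queued = len(policy.pending)
    policy.approve("example.org", 443)
    verdicts.append(policy.check("example.org", 443))   # allowed without a restart
    return [verdicts, queued, len(policy.pending)]

if __name__ == "__main__":
    print(demo())
```
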

---

## Learn More

Refer to the documentation for more information on NemoClaw.

- Overview: what NemoClaw does and how it fits together
- How It Works: plugin, blueprint, and sandbox lifecycle
- Architecture: plugin structure, blueprint lifecycle, and sandbox environment
- Inference Profiles: NVIDIA cloud inferen…