Announced at NVIDIA GTC · March 16, 2026
NemoClaw: NVIDIA's Security Stack for OpenClaw Autonomous Agents
What is NemoClaw?
NemoClaw is NVIDIA's open-source security reference stack that sandboxes the OpenClaw autonomous AI agent inside a controlled environment governed by the OpenShell secure runtime. It enforces policy-based privacy, network egress controls, and intent verification — preventing shell-level exploits and data exfiltration attacks.
Monthly OpenClaw searches: 2.3M+
Security isolation layers: 5
GTC announcement date: Mar 2026
Open Source: MIT licensed reference stack
What Is NemoClaw?
NemoClaw is an open-source security reference stack from NVIDIA that wraps the OpenClaw autonomous agent inside an isolated, policy-governed sandbox. It uses NVIDIA's OpenShell secure runtime to control what the agent can access, execute, and communicate — without removing its core capabilities.
OpenClaw gained mass traction as an autonomous AI agent capable of operating directly on a user's local hardware or cloud infrastructure. Because it can run shell commands, interact with files, and browse the web, developers recognized extreme security risks for enterprise environments.
NVIDIA answered this by developing NemoClaw — wrapping the OpenClaw agent inside a controlled sandbox governed by the OpenShell secure runtime. OpenShell sits between the agent and the underlying infrastructure, controlling exactly what the agent can access, execute, and where model calls are sent.
NemoClaw works as a plugin that integrates with the OpenClaw terminal and a blueprint that orchestrates all resources through OpenShell. Every action the agent proposes is verified against an operator-defined YAML policy file before execution is permitted.
NemoClaw vs OpenClaw
| Capability | OpenClaw | NemoClaw |
|---|---|---|
| Shell command execution | Unrestricted | Policy-gated |
| File system access | Full host access | Landlock sandboxed |
| Network outbound | Unrestricted | Allowlist only |
| PII handling | No stripping | Privacy router active |
| Intent verification | None | Per-action policy check |
| Production ready | Reference only | Alpha — not yet |
NemoClaw Security Architecture
NemoClaw implements five distinct security layers between the OpenClaw agent and the underlying infrastructure. Each layer addresses a specific attack surface — from raw file system access to cloud model data leakage. All layers operate under the OpenShell runtime policy enforcement engine.
| Security Layer | Mechanism of Protection | Vulnerability Addressed |
|---|---|---|
| Sandboxed Execution | Isolated containers with Landlock + seccomp filters | Prevents direct access to host file system or adjacent processes |
| Network Egress Control | All outbound connections blocked unless explicitly approved by operator policy | Prevents data exfiltration attacks where agents phone home |
| Minimal-Privilege Access | Least-privilege principles enforced per individual agent instance | One compromised agent cannot inherit permissions of another |
| Privacy Router | Strips personally identifiable information before cloud model calls | Prevents leakage of sensitive user data to third-party cloud models |
| Intent Verification | Validates agent's proposed actions against operator-defined policy | Forces injection attacks to produce an in-policy action to succeed |
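To make the Network Egress Control row concrete, here is an added example (not NemoClaw or OpenShell code) of a default-deny egress decision next to a weak substring check. The allowlist entries, host names and function names are assumptions for illustration and do not reflect NemoClaw's policy schema.

```python
from urllib.parse import urlsplit

# Hypothetical operator allowlist of exact (host, port) pairs.
# Illustrative only; this is not NemoClaw's policy format.
ALLOWED_EGRESS = {("api.models.example", 443), ("pkg.mirror.example", 443)}

def naive_allowed(url: str) -> bool:
    """Weak check: substring match against the raw URL string."""
    return any(host in url for host, _ in ALLOWED_EGRESS)

def egress_allowed(url: str) -> bool:
    """Default-deny check on the parsed scheme, host and port."""
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.hostname is None:
        return False
    # hostname is already lower-cased; drop a trailing root dot before matching
    host = parts.hostname.rstrip(".")
    return (host, port or 443) in ALLOWED_EGRESS

# Constructed sample destinations an agent might propose.
SAMPLE_URLS = [
    "https://api.models.example/v1/chat",                 # exact match
    "https://API.Models.Example./v1/chat",                # same host, other spelling
    "https://api.models.example.lookalike.example/v1",    # allowed name as a prefix label
    "https://api.models.example@lookalike.example/",      # allowed name in userinfo
    "http://api.models.example/v1/chat",                  # plaintext scheme
    "https://api.models.example:8443/",                   # unapproved port
]

def weak_check_gaps(urls):
    """URLs the substring check accepts but the parsed check rejects."""
    return [u for u in urls if naive_allowed(u) and not egress_allowed(u)]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{egress_allowed(u)!s:5}  {u}")
```
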
Install NemoClaw
NemoClaw supports Linux natively via a single installer script. macOS requires Docker Desktop or Colima. Windows users must first install WSL2, then use the Docker Desktop backend. A remote VM path is available for teams requiring GPU inference at cloud scale.
The fastest path is Linux with Docker running and at least 8 GB of RAM:
```bash
# Linux — fastest install path
curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash

# Verify installation
nemoclaw --version

# Connect your first assistant
nemoclaw my-assistant connect

# Launch the OpenClaw terminal UI
openclaw tui
```
Supported Installation Paths
| Operating System | Prerequisites | Status |
|---|---|---|
| Linux | Docker + 8 GB RAM | Supported |
| macOS (Apple Silicon) | Docker Desktop / Colima | Supported |
| Windows | WSL2 + Docker Desktop | Supported |
| Remote VM (Ubuntu) | 24 GB VRAM | GPU Required |
| GitHub Codespaces | Free tier | Cloud Deploy |
NemoClaw Documentation Hub
Everything you need to understand, deploy, secure, and extend NemoClaw. Choose a topic.
What Is NemoClaw?
Full technical explanation of how NemoClaw sandboxes OpenClaw with NVIDIA OpenShell, covering its history and design goals.
Technical: Architecture & OpenShell Runtime
Deep dive into the five-layer security stack, the OpenShell runtime, and how NemoClaw integrates as an OpenClaw plugin.
Setup: Install NemoClaw
Complete installation guide for Linux, macOS, Windows, remote VMs, and GitHub Codespaces. Terminal commands included.
Windows: NemoClaw on Windows (WSL2)
Step-by-step Windows installation guide. Covers WSL2 setup, Docker Desktop backend configuration, and running your first agent.
Security: Security Gaps & Hardening
Critical analysis of alpha vulnerabilities: indirect prompt injection, policy drift, multi-turn erosion, and supply chain risks.
Comparison: OpenClaw vs NemoClaw
Detailed comparison of OpenClaw's raw capabilities versus NemoClaw's security-first constraints. When to use each.
Competitive: NemoClaw Alternatives
How NemoClaw competes with Claude Cowork, ChatGPT Agent, Manus, Kuse Cowork, and Eigent AI in 2026's agent landscape.
Download: Download NemoClaw
Official install scripts, GitHub repository links, Docker images, and quick-start commands to get NemoClaw running now.
Known Security Gaps in NemoClaw Alpha
NemoClaw is alpha software and is not production-ready. Its intent verification layer focuses on proposed actions rather than content returned by external tools, creating an attack surface for indirect prompt injection, policy drift, multi-turn erosion, and supply chain threats via community skills.
| Security Gap | Technical Mechanism | Mitigation Strategy |
|---|---|---|
| Indirect Prompt Injection | Malicious data from trusted sources bypasses intent verification by entering the agent reasoning chain | Sanitize all context windows before execution; treat external tool outputs as untrusted input |
| Policy Definition Quality | Overly permissive YAML operator policies allow attacks to pass through intent verification | Use hardened baseline policy templates; enforce policy review before any deployment |
| Multi-Turn Erosion | Intent verification validates per-action only — not cumulative behavioral patterns across sessions | Integrate continuous state audits; monitor behavioral drift across multi-turn agent sessions |
| Supply Chain Attacks | Vulnerable community-built third-party skills on ClawHub can compromise the agent environment | Use only vetted skills; pin skill versions; review source code before enabling any skill |
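The Multi-Turn Erosion row is easier to see in code. This added example (not NemoClaw or OpenShell code) runs a per-action check and a session-level audit over the same constructed action sequence; the policy dictionary, action records, paths and the "egress after sensitive read" rule are all assumptions chosen for illustration.

```python
import posixpath

# Hypothetical operator policy; not NemoClaw's YAML schema.
POLICY = {
    "read": ("/workspace/", "/home/agent/.config/"),  # allowed path prefixes
    "net": ("api.models.example",),                   # allowed egress hosts
}
SENSITIVE = ("/home/agent/.config/",)                 # reads that taint a session

def _path(action):
    # Normalise so "/workspace/../etc/passwd" cannot ride on an allowed prefix.
    return posixpath.normpath(action["target"])

def action_allowed(action):
    """Per-action intent check: each proposed action is judged in isolation."""
    if action["kind"] == "read":
        return _path(action).startswith(POLICY["read"])
    if action["kind"] == "net":
        return action["target"] in POLICY["net"]
    return False  # default deny for unknown action kinds

def audit_session(actions):
    """Session audit: flag in-policy egress that follows a sensitive read."""
    findings, sensitive_step = [], None
    for i, a in enumerate(actions):
        if not action_allowed(a):
            findings.append((i, "out-of-policy action"))
        elif a["kind"] == "read" and _path(a).startswith(SENSITIVE):
            sensitive_step = i
        elif a["kind"] == "net" and sensitive_step is not None:
            findings.append((i, f"egress after sensitive read at step {sensitive_step}"))
    return findings

# Constructed session: every step passes the per-action check on its own.
SESSION = [
    {"kind": "read", "target": "/workspace/README.md"},
    {"kind": "read", "target": "/home/agent/.config/tokens.json"},
    {"kind": "net", "target": "api.models.example"},
]

if __name__ == "__main__":
    print([action_allowed(a) for a in SESSION])
    print(audit_session(SESSION))
```
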
Frequently Asked Questions About NemoClaw
What is NemoClaw?
NemoClaw is an open-source security reference stack released by NVIDIA at the GTC conference on March 16, 2026. It wraps the OpenClaw autonomous AI agent inside a sandboxed environment governed by NVIDIA's OpenShell secure runtime, providing policy-based privacy guardrails and network egress controls.
What is the difference between NemoClaw and OpenClaw?
OpenClaw is the core autonomous agent platform — it operates on a user's local hardware, runs shell commands, interacts with files, and browses the web. NemoClaw is the security layer built on top of OpenClaw. It adds Landlock sandboxing, intent verification, and a privacy router to prevent data exfiltration and unauthorized access.
Is NemoClaw production-ready?
No. As of April 2026, NemoClaw is alpha software. Known gaps include susceptibility to indirect prompt injection attacks and reliance on well-crafted operator policy YAML files. It is intended as a reference stack, not a hardened production deployment.
How do I install NemoClaw on Linux?
Ensure the Docker engine is running and you have at least 8 GB of RAM, then run: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash. For Windows, install WSL2 first via PowerShell as Administrator.
What is OpenClaw?
OpenClaw is an autonomous AI agent platform that acts as an operating system for personal AI. It can run shell commands, interact with files, browse the web, and take proactive actions across a user's machine. Because of these broad capabilities, NVIDIA developed NemoClaw as a secure runtime wrapper around it.
Ready to run NemoClaw?
Follow the complete installation guide for your operating system. Linux, macOS, Windows WSL2, remote VMs, and GitHub Codespaces are all supported.