🛡️ NVIDIA AI · March 2026
NVIDIA NemoClaw: The Complete Guide
— From Zero to Expert in 20 Minutes
By the end of this guide you'll know exactly how to deploy secure, always-on AI agents with enterprise privacy guardrails — in a single command.
⏱ 20 min read
✅ Beginner Friendly
📅 Published March 20, 2026
🔓 Open Source
Free & Open Source · Apache 2.0 License
1-Command Setup ·
nemoclaw onboardReleased March 16, 2026 · Early Preview
01 — Overview
What is NVIDIA NemoClaw?
NemoClaw is NVIDIA's open-source security and privacy layer built on top of OpenClaw — the "operating system" for personal AI agents. Think of it as a hardened runtime that lets autonomous AI agents operate freely, but always within guardrails you control.
If you've heard of OpenClaw — the popular framework for building and running autonomous AI agents locally — NemoClaw is its security-hardened cousin. While OpenClaw gives agents immense power to browse the web, write code, manage files, and call APIs, it was built for speed and capability, not for environments where data privacy and security matter. NemoClaw fixes that.
Launched on March 16, 2026, NemoClaw installs NVIDIA's new OpenShell runtime, which sandboxes every agent at the process level — locking down file access, controlling network connections, and enforcing policy-based guardrails over data handling and inference routing. You get all the power of OpenClaw with none of the enterprise security nightmares.
ℹ️ The Mental Model
Think of NemoClaw as a bouncer at a nightclub. OpenClaw is the club — lively, powerful, capable of anything. OpenShell is the bouncer standing at every door: agents can go where they need to go, but they check in and out, and anything suspicious gets flagged or blocked. You set the guest list; the bouncer enforces it automatically.
How NemoClaw Compares
🛡️ NVIDIA NemoClaw
OpenClaw + enterprise security. Sandboxed file & network access, policy guardrails, local Nemotron inference. Best for privacy-sensitive or always-on deployments.
🐾 OpenClaw (Vanilla)
Maximum capability, minimal restrictions. Ideal for personal projects where security isn't a concern. No sandboxing, no guardrails out of the box.
🔬 NanoClaw
A minimalist alternative to OpenClaw. Lightweight and fast but lacks the rich ecosystem and NVIDIA hardware acceleration that NemoClaw offers.
02 — Context
Why NemoClaw in 2026?
Four powerful forces are converging right now to make NemoClaw the most important new AI tool for developers and enterprises alike.
🏢
Enterprise AI Hesitation Is Breaking
For years, enterprises watched OpenClaw-style agents with envy but couldn't adopt them due to security concerns. NemoClaw hands IT teams the compliance toolkit they need — auditable policies, sandboxed execution, and restricted data egress.
🔒
Data Privacy Regulations Are Escalating
With AI-specific data regulations now in effect across the EU, US, and APAC, businesses processing sensitive data with AI need provable guardrails. NemoClaw's policy-based controls provide an auditable, enforceable compliance layer for autonomous agents.
⚡
Local GPU Compute Has Reached Escape Velocity
RTX 4090s, DGX Stations, and DGX Spark systems can now run 120B-parameter models locally. NemoClaw is designed specifically to leverage this hardware — keeping your most sensitive queries on-device rather than in the cloud.
🤖
Agentic AI Is Mainstream
In 2026, autonomous agents aren't a research curiosity — they're production workloads. "Claws" (AI agents) are running real business workflows 24/7. NemoClaw lets them do that safely, with humans still in the loop where it matters.
03 — Features
Key Features
NemoClaw packages several powerful components into a single installable stack. Here's everything it ships with and why each feature matters.
🧱 Core Security Infrastructure
🐚
NVIDIA OpenShell Runtime
The sandboxed execution environment that runs underneath every agent. OpenShell enforces process-level isolation — agents get write access only to
/sandbox and /tmp, with all other paths blocked by default. This single feature eliminates an entire class of data-exfiltration risks.🌐
Policy-Based Network Firewall
Every outbound network request an agent makes must pass through the NemoClaw policy engine. By default, unknown endpoints are blocked. The UI surfaces each new connection request for operator approval, and approved domains can be persisted per-session or permanently. This means agents can never phone home silently.
🔑
Privacy Router
When agents need capabilities beyond the local model, the Privacy Router intelligently proxies those requests to cloud frontier models while enforcing data-masking rules. Sensitive PII, credentials, and confidential content defined in your policy never leave the local boundary unencrypted.
📜
Blueprint Versioning System
NemoClaw separates "plugins" (lightweight TypeScript CLIs) from "blueprints" (versioned Python orchestration artifacts). This architecture means policy configurations, sandbox rules, and inference setups are fully reproducible — version-pin your blueprint and every deployment is identical, forever.
🤖 Inference & Model Access
🧠
Local Nemotron Inference
NemoClaw is optimized to run NVIDIA Nemotron models — including the 120B Nemotron Super — locally on RTX hardware. The system auto-detects available GPU VRAM and selects the highest-quality model that fits. Zero cloud dependency, zero token costs for local queries.
🔄
Multi-Provider Inference Switching
Not locked into one model. Through the UI, operators can point agents at different inference providers — local Nemotron, cloud APIs, or custom endpoints — all through a unified switchboard. Change the model powering your agent without touching any agent code.
📦
NVIDIA Agent Toolkit Integration
NemoClaw ships with the NVIDIA Agent Toolkit built in — a collection of building blocks for reasoning agents that can transform enterprise data into explainable, auditable results. The toolkit provides pre-built tool integrations, memory modules, and planning scaffolds on top of OpenClaw.
🖥️
Multi-Platform Compute Support
Deploy NemoClaw on RTX GeForce desktops and laptops, RTX PRO workstations, DGX Station, or DGX Spark. The same install command works across all supported hardware — NemoClaw auto-configures for the compute it finds, from a gaming laptop to a multi-GPU superstation.
⚙️ Operations & Deployment
⚡
One-Command Deployment
curl -fsSL nvidia.com/nemoclaw.sh | bash then nemoclaw onboard — that's it. The onboarding command downloads the blueprint, verifies the artifact, determines resource requirements, creates the sandbox container, and starts the agent. Under 5 minutes from zero to running agent.🔁
Self-Evolving Agent Architecture
NemoClaw agents are built to learn and adapt. Within the boundaries you define, agents can acquire new tool skills, refine their workflows, and improve their performance on repeat tasks — all without requiring model retraining. This is autonomous skill acquisition within a controlled envelope.
🌙
Always-On 24/7 Operation
Unlike cloud-based agents that timeout or charge for idle time, NemoClaw agents run permanently on dedicated local compute. The agent keeps running, executing scheduled tasks, monitoring for triggers, and responding to requests — even when you're not at the keyboard.
04 — Step-by-Step Guide
Complete Setup Guide: From Zero to Running Agent
Follow these 10 steps exactly and you'll have a secure, always-on NemoClaw agent running in under 20 minutes — even if you've never touched OpenClaw before.
1
Verify System Requirements
~3 minutes
Before installing anything, confirm your system meets NemoClaw's requirements. You need a Linux-based OS (Ubuntu 22.04+ recommended), at least 8 GB of RAM (or 8 GB configured swap), a supported NVIDIA GPU (RTX 2000-series or newer), the latest NVIDIA drivers, Docker installed and running, and an active internet connection for the initial download. NemoClaw does not currently support Windows or macOS — this is a hard constraint, not a roadmap item.
$ nvidia-smi
+-----------------------------------------------------------------------+
| NVIDIA-SMI 560.35.03 Driver: 560.35.03 CUDA: 12.6 |
| GPU 0: NVIDIA GeForce RTX 4090 (24564 MiB VRAM) |
+-----------------------------------------------------------------------+
$ free -h | grep Mem
Mem: 31Gi 4.2Gi 18Gi 1.5Gi 8.4Gi 26Gi
$ docker --version
Docker version 26.1.4, build 5650f9b
Verify GPU, RAM, and Docker are ready before running the installer.
⚠️ Common Mistake
Machines with less than 8 GB RAM will trigger the Linux OOM (Out Of Memory) killer mid-installation because NemoClaw spins up both Docker containers and a k3s lightweight Kubernetes cluster simultaneously. If you can't add physical RAM, run sudo fallocate -l 8G /swapfile && sudo mkswap /swapfile && sudo swapon /swapfile to create 8 GB of swap first.
2
Run the NemoClaw Installer
~2 minutes
Open a terminal and run the official one-liner installer from NVIDIA. This downloads a verified install script, checks your environment, installs the NemoClaw CLI binary, and configures your PATH. The script is hosted at
nvidia.com/nemoclaw.sh and is checksummed — do not pipe from any unofficial mirror.
$ curl -fsSL https://nvidia.com/nemoclaw.sh | bash
🟢 Checking system requirements...
✅ NVIDIA GPU detected: RTX 4090
✅ Docker running: v26.1.4
✅ RAM: 31 GiB available
Downloading NemoClaw CLI v0.1.0-preview...
Installing to /usr/local/bin/nemoclaw
✅ NemoClaw CLI installed successfully.
Run 'nemoclaw onboard' to get started.
The installer auto-detects your GPU and confirms system compatibility before proceeding.
💡 Pro Tip
After the install completes, run nemoclaw --version to confirm the binary is in your PATH. If the command isn't found, run source ~/.bashrc (or ~/.zshrc) to reload your shell environment.
3
Run
nemoclaw onboard
~5 minutes
This is the core setup command. When you run
nemoclaw onboard, NemoClaw performs a sequence of automated steps: (1) downloads and cryptographically verifies the blueprint artifact from NVIDIA's artifact registry, (2) determines what OpenShell resources your hardware can support, (3) creates the sandboxed container with embedded privacy policies baked in, and (4) starts routing inference through your local GPU. Watch the terminal — each step is logged. The whole process typically takes 3–8 minutes depending on your download speed and GPU.
$ nemoclaw onboard
📦 Fetching blueprint artifact v0.1.0-preview...
🔐 Verifying SHA-256 checksum... ✓ VERIFIED
🖥️ Detected compute: RTX 4090 (24 GB VRAM)
→ Selecting model: nemotron-3-super-120b-instruct (quantized)
🐚 Launching OpenShell runtime...
🛡️ Applying default privacy policy...
• File writes: restricted to /sandbox, /tmp
• Network: block-by-default (require approval)
• Data egress: PII masking ENABLED
✅ NemoClaw agent ready. Open http://localhost:3000
The onboard command configures your entire secure agent stack automatically — no manual policy files needed.
ℹ️ Good to Know
The blueprint artifact is a versioned, immutable snapshot of all orchestration logic. This means you can pin to a specific blueprint version (e.g., nemoclaw onboard --blueprint v0.1.0) and every installation will behave identically — critical for reproducible enterprise deployments.
4
Open the NemoClaw Dashboard
~1 minute
Once onboarding completes, open your browser and navigate to
http://localhost:3000. You'll land on the NemoClaw dashboard — built on the OpenClaw web interface but extended with NemoClaw's security panels. The left sidebar shows your running agents, the top nav has tabs for Overview, Install, Features, Community, and the main panel shows your agent's current status, active policies, and recent activity log.
http://localhost:3000
NemoClaw
🏠 Dashboard
🤖 My Agents
🛡️ Policies
🌐 Network
⚙️ Settings
Agent Overview
● RUNNING
Model
Nemotron-3 120B
Network
2 Pending
Sandbox
Active
Recent Activity
12:04 PM · Agent started new session
12:03 PM · Network request blocked: api.unknown.io
12:02 PM · Policy applied: default-secure
The NemoClaw dashboard shows agent status, active model, network policy state, and real-time activity log.
💡 Pro Tip
Bookmark http://localhost:3000 immediately. NemoClaw doesn't add a desktop shortcut by default. If you want it to auto-open on login, add nemoclaw start && xdg-open http://localhost:3000 to your startup scripts.
5
Review & Customize Your Privacy Policy
~4 minutes
Navigate to Policies in the left sidebar. You'll see the default
default-secure policy already applied. Click on it to inspect its rules. The policy editor lets you define: which file paths agents can read/write, which network domains are pre-approved, whether PII detection and masking is active, and how inference is routed (local-only vs. cloud-allowed). Start with the defaults — they're conservative but fully functional.
http://localhost:3000/policies/default-secure
Policy Editor — default-secure
📁 File Access
✓ /sandbox — Read/Write
✓ /tmp — Read/Write
✗ /home — Blocked
✗ /etc — Blocked
🌐 Network Access
✓ api.nvidia.com
✓ build.nvidia.com
~ Unknown domains: ASK
🔒 Data Privacy
✓ PII detection: ON
✓ Credential masking: ON
🧠 Inference
✓ Local: Nemotron-3 120B
~ Cloud: Router only
The policy editor shows all security controls for your agent. Green = allowed, yellow = conditional, red = blocked.
🔥 Power Move
Create a custom policy profile for different use cases. For instance, create a "research" profile that allows GitHub, arXiv, and search APIs, and a "coding" profile that only allows localhost and npm registries. Switch between profiles instantly using nemoclaw policy set <profile-name> from the terminal.
6
Send Your First Task to the Agent
~2 minutes
Click on My Agents in the left sidebar, then select your agent (named
nemoclaw-agent-1 by default). The chat interface opens — this is OpenClaw's familiar interface. Type a task in natural language. Start simple: "Summarize the 5 most recent files in /sandbox and create a report." Watch the activity log on the right — you'll see each tool call the agent makes, and any network requests it tries to make (which will appear as approval prompts if they're not pre-approved).
http://localhost:3000/agents/nemoclaw-agent-1
Summarize the 5 most recent files in /sandbox and create a report.
NemoClaw Agent · On it. Reading /sandbox...
🔧 Tool: list_files(/sandbox) · ✅ Allowed
🔧 Tool: read_file(report_draft.md) · ✅ Allowed
🔧 Tool: write_file(/sandbox/summary.md) · ✅ Allowed
→
Activity Log
✓ list_files
✓ read_file x4
✓ write_file
⚠ net blocked x1
The agent chat interface shows tool calls in real time. Each action is logged and auditable.
ℹ️ Good to Know
Every tool call the agent makes — file reads, writes, network requests — appears in the Activity Log panel on the right. This isn't just for show: the full audit trail is saved to /sandbox/.nemoclaw/audit.log as a JSON file you can export and review later.
7
Approve or Deny Network Requests
~1 minute
When your agent tries to reach an external endpoint not in your approved list, NemoClaw pauses and presents a Network Approval Dialog. You'll see the exact URL, the requesting agent, and the reason the agent thinks it needs access. Click Allow (this session) to permit it temporarily, Allow (always) to add it to your permanent approved list, or Deny to block it. The agent waits for your decision — it won't timeout.
http://localhost:3000/network/approve
🌐
Network Request — Approval Required
Requested Endpoint
https://api.github.com/repos/nvidia/nemoclaw
Agent Reason
"Fetching latest release notes to update summary report"
Deny
Allow (this session)
Allow (always)
The Network Approval Dialog shows exactly which URL the agent is requesting and why, before allowing any external connection.
⚠️ Common Mistake
Don't click "Allow (always)" reflexively to clear the dialog. Each permanent approval is a persistent change to your policy. Review the URL carefully — a malicious or compromised agent could make a legitimate-looking request to an attacker-controlled domain. Treat "Allow (always)" like sudo — use it intentionally.
8
Configure Your Inference Provider
~3 minutes
Navigate to Settings → Inference. By default your agent is powered by your local Nemotron model. You can switch providers here. If you want to route specific task types to frontier cloud models (e.g., GPT-4 or Claude for complex reasoning), add those API keys and define routing rules. The Privacy Router intercepts all cloud-bound requests and strips any content matching your PII policy before forwarding — so you get frontier model capability without raw data exposure.
🔥 Power Move
Set up a tiered inference routing rule: use your local Nemotron model for all tasks under 2,000 tokens (fast, free, private), and automatically escalate to a cloud frontier model only for tasks exceeding that complexity threshold. This gives you the best of both worlds — speed and privacy for routine tasks, maximum capability for complex ones — all automated.
9
Install Additional Agent Skills
~2 minutes
OpenClaw agents can acquire new "skills" — modular tool bundles that teach the agent new capabilities like web browsing, database access, email sending, or code execution. In NemoClaw, each skill installation is reviewed against your active policy — if a skill requests permissions your policy disallows, you're prompted to approve the policy exception or reject the skill. To browse available skills, run
nemoclaw skills list in the terminal or visit build.nvidia.com/nemoclaw.
💡 Pro Tip
You can also have your agent install its own skills. Just tell it: "Help me install nvidia.com/nemoclaw" or "I need you to be able to search the web — install what you need." The agent will find the right skill, present the permission requirements to you, and install it pending your approval. This is agentic self-improvement within a supervised envelope.
10
Configure Always-On Scheduled Tasks
~3 minutes
This is where NemoClaw becomes genuinely powerful. Navigate to Settings → Scheduled Tasks and add tasks you want your agent to run automatically — even when you're not at the keyboard. Examples: "Every morning at 8am, check my GitHub repos for new issues and file a priority summary in /sandbox/daily-brief.md" or "Every hour, monitor /sandbox/data/ for new CSV files and run the analysis pipeline." The agent operates 24/7 within its security sandbox — no new permissions, no breakouts.
http://localhost:3000/settings/scheduled-tasks
Scheduled Tasks
+ Add Task
Morning Standup Brief
Runs daily at 8:00 AM · last ran 2h ago
ACTIVE
Hourly Data Pipeline
Runs every 60 min · watching /sandbox/data/
ACTIVE
Weekly Audit Export
Runs every Sunday 11:55 PM · exports audit.log
PAUSED
Scheduled Tasks let your agent work autonomously 24/7 — all within the boundaries your policy enforces.
ℹ️ Good to Know
Scheduled tasks that run while you're away still generate full audit logs. Every tool call, network request, and file write is timestamped and recorded. Review your overnight activity each morning with nemoclaw audit show --since yesterday.
05 — Power User Secrets
15 NemoClaw Secrets That Separate Beginners from Power Users
These tips were surfaced from developer forums, Discord threads, GitHub issues, and the NVIDIA developer community. Most NemoClaw users will never discover these on their own.
⚡ Speed Hacks
Secret #1
Skip the Interactive Onboard with
--non-interactiveWhen deploying NemoClaw across multiple machines (e.g., a team of RTX workstations), the default
nemoclaw onboard command pauses for interactive confirmations. Add the --non-interactive flag to bypass all prompts and use default settings: nemoclaw onboard --non-interactive --blueprint v0.1.0. Combine with --policy /path/to/company-policy.json to deploy a pre-configured, standardized setup to every machine silently.⚡ Why it matters: Reduces fleet deployment time from 30 minutes of manual clicking to a single shell script run across all machines.
Secret #2
Pre-Approve a Domain Allowlist Before First Boot
Instead of clicking through 20 network approval dialogs on your first day, create a JSON allowlist file before running
nemoclaw onboard. Save your trusted domains to ~/.nemoclaw/network-allowlist.json in the format {"approved": ["api.github.com", "pypi.org", "npmjs.com"]}. NemoClaw reads this file on startup and pre-approves all listed domains so the first session is frictionless. Find the full schema in the NemoClaw docs at docs.nvidia.com/nemoclaw/latest/reference/.⚡ Why it matters: Eliminates the most common Day 1 frustration — agents blocking themselves trying to do obvious tasks.
Secret #3
Use
nemoclaw task to Queue Tasks Without the UIYou don't need to open the browser UI to assign tasks to your agent. Use the CLI directly:
nemoclaw task "Analyze all PDFs in /sandbox/reports and output a summary table". The task is queued immediately, runs in the background, and the output is written to /sandbox/.nemoclaw/task-results/. Pipe it into scripts, cron jobs, or other automation without ever opening a browser.⚡ Why it matters: Makes NemoClaw composable with any existing shell-based workflow or CI/CD pipeline.
🔧 Hidden Settings
Secret #4
Mount External Directories Into the Sandbox
By default, agents only see
/sandbox and /tmp. But you can mount additional read-only directories from your host system into the sandbox using the config file at ~/.nemoclaw/config.yaml. Add a volume_mounts section: - host: /home/user/projects, sandbox: /sandbox/projects, mode: read-only. The agent gains visibility into your real files without ever having write access to them — perfect for code review or document analysis tasks.🔧 Why it matters: Unlocks analysis tasks on real data without compromising your host filesystem's integrity.
Secret #5
Enable the Verbose Audit Mode for Compliance Reporting
The default audit log records tool calls and network requests. But turning on verbose audit mode in Settings → Audit also captures every LLM prompt and completion, the full reasoning trace, and all intermediate outputs. Enable it with
nemoclaw config set audit.verbose true. Warning: this significantly increases log volume — rotate logs daily using nemoclaw audit rotate --keep 30 to avoid disk bloat.🔧 Why it matters: Satisfies enterprise compliance requirements (SOC 2, ISO 27001) that require full activity records of AI systems.
Secret #6
Swap the Default 8GB RAM Check With a Swap Override
Many developers have 6–7 GB RAM machines (common in cloud VMs and older laptops). NemoClaw's install script will reject them by default. You can bypass this check by configuring swap first AND setting
NEMOCLAW_SKIP_RAM_CHECK=1 as an environment variable before running the installer. The agent will run — just slower. Combine with configuring k3s to use a memory limit via nemoclaw config set k3s.memory_limit 4Gi for best results.🔧 Why it matters: Unlocks NemoClaw on budget hardware and cloud instances without expensive RAM upgrades.
Secret #7
The Hidden
--dry-run Mode for Policy TestingBefore deploying a new policy in production, test it with dry-run mode:
nemoclaw policy test --policy my-policy.json --dry-run. This simulates a set of standard agent behaviors against your policy and reports which actions would be allowed, blocked, or prompted for approval — without actually running any agent. The test suite covers 40+ common agent actions including file writes, network calls, subprocess execution, and credential access patterns.🔧 Why it matters: Prevents the painful situation where a too-restrictive policy breaks your agent in production mid-task.
🔌 Integration Tricks
Secret #8
Expose the NemoClaw API Locally and Integrate With Any App
NemoClaw exposes a local REST API at
http://localhost:3001/api/v1 (note: different port from the UI). You can POST tasks, GET task status, stream results, and query the audit log programmatically. This means any app — your own web app, a Python script, a VS Code extension — can interact with your secure agent via HTTP. Enable it with nemoclaw config set api.enabled true and generate an API token with nemoclaw api token create.🔌 Why it matters: Turns NemoClaw from a standalone tool into a secure AI backend you can embed into your own products.
Secret #9
Chain Multiple Agents With a Multi-Agent Config File
Advanced users can run multiple NemoClaw agents simultaneously, each with different policy profiles, and define how they hand off tasks to each other. Create a
~/.nemoclaw/agents.yaml with multiple agent definitions — each pointing to its own blueprint version and policy file. Use the handoff_to: directive to route subtasks from a coordinator agent to specialist agents. This is the foundation of a secure multi-agent system on a single machine.🔌 Why it matters: Enables sophisticated AI workflows (research → writing → review) with full security isolation at each stage.
Secret #10
Use NVIDIA Build Platform for One-Click Skill Additions
The
build.nvidia.com/nemoclaw platform hosts a growing catalog of verified agent skills — from database connectors to web scraper to API integrations — all pre-cleared for NemoClaw's security model. Each skill on the platform has been reviewed by NVIDIA and comes with a pre-defined permission manifest. Installing from the Build platform (nemoclaw skills install --source build.nvidia.com <skill-id>) is safer than installing community skills, which have no vetting.🔌 Why it matters: Avoids the supply-chain risk of installing unreviewed code into your secure agent environment.
🎯 Output Quality Boosters
Secret #11
Write a System Prompt File for Persistent Agent Persona
Every time you start a new session, your agent starts with a blank context. Create a file at
/sandbox/.nemoclaw/system-prompt.md with persistent instructions — your name, your company, preferred output formats, recurring context. NemoClaw automatically injects this file as the system prompt for every session. Update it anytime: the change takes effect on the next session start without restarting the agent service.🎯 Why it matters: Eliminates the need to re-explain your context every session — your agent always knows who it's working for and how.
Secret #12
Force Local-Only Mode for Maximum Privacy
If you're working with highly sensitive data and want a guarantee that nothing ever leaves your machine, enable strict local-only mode:
nemoclaw config set inference.allow_cloud false. This disables the Privacy Router entirely and forces all inference through your local Nemotron model regardless of task complexity. No cloud API calls are possible in this mode — the network policy is enforced at the kernel level via OpenShell, not just application-level.🎯 Why it matters: Provides a hard guarantee for healthcare, legal, and financial data that zero tokens leave the premises.
Secret #13
Snapshot and Restore Agent State
NemoClaw includes an underdocumented snapshot feature:
nemoclaw snapshot create my-snapshot saves the complete state of your agent — active policies, approved network list, installed skills, /sandbox contents, and audit log — to a compressed archive. Restore any time with nemoclaw snapshot restore my-snapshot. This is invaluable for testing dangerous tasks: snapshot first, experiment, then restore if something breaks. It's also perfect for reproducible demo environments.🎯 Why it matters: Enables safe experimentation and instant recovery — like a git commit for your entire agent environment.
Secret #14
Use PII Detection Logs to Audit What the Agent Sees
When PII masking is active, every detected PII token is logged to
/sandbox/.nemoclaw/pii-detections.log — including what type (email, phone, SSN, etc.), which task triggered it, and what it was replaced with before cloud routing. Run nemoclaw audit pii-report --since 7d to get a weekly summary. This log is critical for GDPR Article 25 (data protection by design) compliance documentation.🎯 Why it matters: Provides a ready-made compliance artifact showing that your AI system handles PII responsibly.
Secret #15
Contribute Back to OpenClaw While Running NemoClaw
NemoClaw has a built-in "contribute" setting (
nemoclaw config set community.contribute_usage true) that anonymizes and uploads non-sensitive usage telemetry — task patterns, skill performance, model routing decisions — to the OpenClaw community dataset. This improves the base OpenClaw models and earns you early access to new skills on the Build platform. All data is stripped of PII before transmission regardless of your PII masking settings, and you can review exactly what would be sent before enabling it with nemoclaw telemetry preview.🎯 Why it matters: Helps the OpenClaw ecosystem while giving you early access to community improvements before they're publicly released.
06 — Actionable Blueprints
Advanced Use Cases
Here are exactly how enterprise teams are using NemoClaw right now, with the specific policy configurations that make them possible.
🕵️
The Legal Analyst
For Law Firms & Compliance Teams
▶
The Legal Analyst
For Law Firms & Compliance Teams
Lawyers need AI to summarize thousands of pages of discovery documents, but uploading sensitive client data to cloud APIs is a disbarrable offense. NemoClaw solves this.
1
Hardware: Desktops with RTX 4080s or 4090s.
2
Policy configuration:
inference.allow_cloud = false, Network fully blocked, File read-only access to /network-drive/case-files.
3
Workflow: Agent is assigned to ingest 500 PDF depositions, cross-reference testimony against the case timeline, and output a markdown summary highlighting contradictions. The agent runs at night, using local GPU compute only. Not a single byte leaves the building.
👨💻
The Autonomous QA Engineer
For Dev Shops & SaaS Companies
▶
The Autonomous QA Engineer
For Dev Shops & SaaS Companies
Running synthetic tests on staging environments usually requires exposing internal APIs or giving human testers broad access. NemoClaw acts as an automated, walled-off tester.
1
Skill installed: Playwright/Selenium Web Browser skill.
2
Policy configuration: Network approved ONLY for
staging.company.internal, File access restricted to test logs directory. PII Masking ON.
3
Workflow: On every pull request, the agent spins up, navigates the staging UI, attempts to accomplish 5 core user journeys, takes screenshots of failures, and posts a summary comment back to the GitHub PR. If it encounters raw database dumps containing PII during testing, the Privacy Router masks it before the cloud model generates the GitHub comment.
📊
The Financial Data Scrubber
For Hedge Funds & Accounting
▶
The Financial Data Scrubber
For Hedge Funds & Accounting
Analysts spend hours cleaning messy financial CSVs before loading them into Pandas or Excel. NemoClaw automates the ETL pipeline securely.
1
Skill installed: Python Code Execution (Jupyter) skill.
2
Policy configuration: Network blocked entirely. Compute restricted to local VRAM only.
3
Workflow: Scheduled task runs every hour, checking a drop-folder for new financial statements. The agent writes and executes Python code to normalize the data, reconcile discrepancies, and output a clean structure into a destination folder. If the Python code crashes, the sandbox resets automatically without affecting the host machine.
07 — Ecosystem
Integrations & Ecosystem
Because NemoClaw is built on top of OpenClaw, it inherits the entire OpenClaw skill ecosystem — but enforces security boundaries on all of them.
🐙
GitHub / GitLab
Read repos, review PRs, commit code securely.
🗄️
PostgreSQL / MySQL
Query databases through a restricted read-only proxy.
🌐
Playwright
Headless browser automation for UI testing & scraping.
🐍
Jupyter Kernel
Sandboxed Python execution for data analysis.
💬
Slack / Teams
Monitor channels and answer questions on-demand.
📧
M365 / Gmail API
Draft emails (with "send" disabled by default policy).
08 — Cost Analysis
Pricing Breakdown
NemoClaw's software is free. You only pay for the hardware you run it on, and any optional cloud inference you choose to route to.
The Hobbyist
$0 /mo
Best for learning & personal projects.
- NemoClaw CLI & Dashboard (Free)
- Local Nemotron-8B or Llama-3 (Free)
- Existing RTX 3000/4000 GPU (Free)
- OpenClaw community skills (Free)
MOST POPULAR
The Power User
~$45 /mo
Best for serious automation & coding.
- Everything in Hobbyist
- Local Nemotron-3 120B Int4 (Free)
- Occasional GPT-4o / Claude 3.5 routing (~$45 in API costs)
- Privacy Router masking (Free)
The Enterprise Node
~$3K /hardware
Best for secure on-prem production.
- Dedicated RTX Ada generation machine
- Local-only inference routing ($0 API costs)
- NVIDIA AI Enterprise support (Optional)
- Full SOC2 / HIPAA compliance tooling
09 — Reality Check
Current Limitations (v0.8.2-alpha)
NemoClaw is wildly powerful, but it's still an alpha preview. Before migrating production workloads, be aware of these constraints:
❌
No macOS or Windows Native Support
NemoClaw relies heavily on Linux kernel features (cgroups, namespaces) for the OpenShell sandbox and nvidia-container-toolkit for GPU passthrough. You cannot run this natively on a M3 Mac or Windows. WSL2 support is "experimental and unsupported."
🐢
High VRAM Floor for Local Nemotron
While NemoClaw runs on 8GB VRAM cards using smaller models, its headline capabilities (complex reasoning, tool orchestration) require the Nemotron-3 120B model. Even highly quantized, this requires 24GB VRAM (an RTX 3090 or 4090). Without it, you must rely on cloud routing, which somewhat defeats the local-first ethos.
🧩
Brittle PII Masking on Unstructured Data
The Privacy Router is excellent at catching SSNs, credit cards, and standard API keys. It struggles with context-dependent confidential info ("Project Orion architecture docs") unless you write very specific custom Regex rules in the policy file.
10 — Questions
Frequently Asked Questions
What's the difference between OpenClaw and NemoClaw? +
OpenClaw is the raw agent framework. NemoClaw is a distribution of OpenClaw that comes wrapped in NVIDIA's OpenShell security sandbox, includes local Nemotron models, and adds policy guardrails. If OpenClaw is the engine, NemoClaw is the armored car it sits in.
Do I need an NVIDIA GPU to use NemoClaw? +
Technically no, but practically yes. The installer will fall back to CPU-only mode if no NVIDIA GPU is detected, but running local inference or complex sandbox operations on a CPU is painfully slow. If you don't have an NVIDIA GPU, you're better off using vanilla OpenClaw connected to cloud APIs.
Can an agent break out of the OpenShell sandbox? +
OpenShell uses hardened Linux cgroups, namespaces, and seccomp profiles — the same technology that secures production Docker clusters. An agent would need to discover an unpatched Linux kernel vulnerability and write an exploit for it to break out. As long as your host OS is patched, the sandbox is secure.
How much coding knowledge do I need? +
Zero to install and run basic tasks. If you can copy-paste a command into a terminal and click through a web UI, you can use NemoClaw. To write custom plugins or advanced multi-agent orchestrations, you'll need intermediate Python or TypeScript skills.
Is NemoClaw truly open source? +
Yes. The core NemoClaw orchestration layer, OpenShell sandbox, and the Privacy Router are all licensed under Apache 2.0. The only proprietary components are the specific Nemotron model weights (which have a permissive open-weight license but aren't open source) and the NVIDIA hardware drivers.
Ready to Deploy AI in Your Business?
Automate Your Workflows
With MyJarvis.
Discover exactly how our AI agents can radically improve efficiency and reduce operational costs. We help you identify high-impact automation opportunities tailored for your specific needs.
📈
Drive Efficiency
🤖
Custom AI Agents
🛠️
Workflow Automation
💡
Strategic Insights
What We Offer
1
Identify high-impact automation opportunities across your operations.
2
Get tailored recommendations for the most suitable AI agents.
3
Estimate potential efficiency improvements and cost reductions.
4
Deploy secure, scalable AI solutions without the steep learning curve.
Take the next step in your automation journey. Book a free consultation to see how MyJarvis can transform your business.
Book Free Strategy Call
Free consultation
No commitment required
Limited onboarding capacity
Implementation help
Want help turning this guide into a working system?
Bring the workflow you want to automate and we will help identify the fastest useful build path.
Workflow audit
Tool selection
Build-ready implementation plan
Get implementation helpSee automation services
Get the automation checklist
A simple checklist for spotting the first workflow worth automating.