NemoClaw is NVIDIA’s security focused runtime for OpenClaw agents, introduced at GTC. It addresses a growing problem with autonomous agents running with broad permissions. As OpenClaw adoption increased, so did concerns around data access, execution safety, and uncontrolled behavior. NemoClaw adds a structured layer that enforces how agents interact with systems and external services.
At its core, NemoClaw uses OpenShell to run agents inside sandboxed environments. Every action, including file access, network calls, and model inference, is governed by policy. Inference requests are routed through a gateway instead of direct calls, allowing better control over privacy and provider usage. This design shifts responsibility from the developer to the runtime.
While setup is still rough in early preview, the direction is clear. NemoClaw brings predictability, security, and reproducibility to agent workflows. For developers and enterprises running always on agents, it provides the control needed to move from experimentation to real deployment.
After weeks of rumors, Jensen Huang finally revealed NemoClaw during NVIDIA GTC 2026 as a security focused layer for the OpenClaw ecosystem. The goal is to autonomous agents safer to run without limiting what they can do.
OpenClaw went viral in a matter of weeks and that momentum also exposed a bunch of security concerns. Agents often run with broad permissions, which makes data access and execution harder to control in practice.
NVIDIA’s answer is NemoClaw.
What is NemoClaw?
It is a runtime layer that sits on top of OpenClaw and enforces how agents behave. It does not replace OpenClaw. It constrains it.
You still get autonomous agents, but they run inside a controlled environment with explicit rules for data access, network calls, and execution.
NVIDIA implements this using OpenShell, which acts as the secure execution layer. Every agent runs inside a sandbox, and every action passes through policy checks. That includes file access, outbound requests, and model inference.
Here’s what the NemoClaw workflow looks like:
NemoClaw also supports open models like Nemotron. You can run them locally or route requests to cloud providers. The important detail is that the agent never talks to those providers directly. The runtime sits in between and controls the flow.
NVIDIA Releases NemoClaw to Improve OpenClaw's Security | AIBlog
What you end up with is not just an agent framework. It is an agent runtime with enforced boundaries.
What is OpenShell?
OpenShell is the foundation that makes NemoClaw work.
It is a secure runtime designed to execute autonomous agents inside isolated environments. Instead of letting agents interact directly with your system, OpenShell inserts a control layer between the agent and everything it touches.
NemoClaw architecture. Image from NVIDIA
Each agent runs inside a sandboxed container. That sandbox enforces strict rules:
File access is limited to specific directories
Network traffic is filtered through policy
System resources are isolated
These rules are defined using declarative policies. You describe what the agent is allowed to do, and OpenShell enforces it at runtime.
Inference also flows through OpenShell. When an agent calls a model, the request goes through a gateway that decides where it should be routed. That could be a local model, an NVIDIA endpoint, or another provider.
The key idea is control through indirection.
The agent never interacts with the outside world directly. OpenShell mediates every action, which makes behavior predictable and easier to audit.
How to set up NemoClaw
Before installing, make sure your system meets the requirements.
You need a Linux environment, ideally Ubuntu 22.04 or newer. Docker must be installed and running. Node.js should be version 20 or higher. OpenShell also needs to be available.
If you plan to run models locally, you will need an NVIDIA GPU. This is optional but useful for performance and privacy.
The installation itself is one command:
curl -fsSL https://nvidia.com/nemoclaw.sh | bash
The script handles most of the setup. It installs missing dependencies, integrates with OpenClaw, and launches a guided onboarding flow.
During setup, you create a sandbox, configure inference, and apply security policies. This step is interactive, which helps avoid misconfiguration.
Once it completes, you get a summary of your environment. At this point, your agent is already running inside a sandbox.
To interact with it, connect to the environment:
nemoclaw my-assistant connectopenclaw tui
This opens the interactive interface where you can chat with your agent.
If you prefer automation, you can use the CLI to send messages directly.
From here, it behaves like a normal OpenClaw agent. The difference is that every action now goes through the runtime.
If something breaks, you have two layers to check. The NemoClaw CLI shows high level status. OpenShell exposes the underlying sandbox state. Logs can be streamed in real time, which makes debugging easier.
If you do not have a Linux setup, you can try NemoClaw through NVIDIA’s hosted environments. Open this page and click on the “Try for free” button on the upper right corner.
You will be redirected to the NVIDIA Brev dashboard where you customize a launch environment to host the Nemoclaw instance.
Running a NemoClaw instance on NVIDIA Brev platform. Image by Jim Clyde Monge
This gives you a preconfigured system without local installation.
For more details, refer to the official documentation:
OpenClaw and NemoClaw share the same foundation, but they operate at different layers.
OpenClaw is a platform for building agents. It focuses on flexibility and rapid iteration. You can install it, add capabilities, and start running agents quickly.
NemoClaw defines how those agents are allowed to run.
With OpenClaw alone, agents can access files, call APIs, and execute code with minimal constraints if configured that way. That flexibility is useful, but it puts the burden of safety on the developer.
NemoClaw moves that responsibility into the runtime.
Agents run inside a sandbox managed by OpenShell. File access is restricted. Network calls are filtered. Inference is routed through a controlled gateway.
Here’s a side by side comparison of the two:
NemoClaw vs OpenClaw. Image by Jim Clyde Monge
You are no longer relying on the agent to behave correctly. The system enforces what it can and cannot do.
There is also a difference in how environments are managed.
OpenClaw setups are often manual and iterative. NemoClaw uses a versioned blueprint that defines the full environment. The system resolves it, verifies it, and applies it consistently.
This makes deployments reproducible.
Final thoughts
I did not include full setup screenshots here. I do not have a spare Linux machine ready, and I am not running a paid NVIDIA Brev environment right now.
From what I have seen, some early users are also hitting issues during installation. The GitHub setup can fail with unclear errors, especially around dependencies and environment configuration.
I expect NVIDIA to smooth this out with better documentation and more stable install flows soon. Right now, you may need to troubleshoot a bit if you try it yourself.
That said, I am still impressed with NemoClaw.
It addresses the main issue surrounding OpenClaw — security. Running autonomous agents without proper isolation is risky. That risk becomes unacceptable in enterprise settings where data access and system integrity are critical.
NVIDIA also announced a lot more during GTC 2026. If you are following this space, it is worth watching the keynote and looking at the broader stack they are building around agents and infrastructure.
