Last updated: 2026-05-30
🔒

NemoClaw

OpenClaw · NVIDIA OpenShell · Sandboxed · Policy-controlled
Free & open source Containerised security Claude · OpenAI · Nemotron VPS or local GPU optional

NemoClaw is OpenClaw running inside NVIDIA's OpenShell security sandbox. Every network call, file access, and AI request goes through a policy engine you control — your API keys never touch the inside of the container. You don't need NVIDIA GPU hardware to use it; most users run it on a $10/month VPS connected to Claude or OpenAI.

May 2026 security & reliability wave

SHA-256 integrity shieldsshields up now seals locked files with SHA-256 checksums; shields status detects tampering. Gateway token rotation — the auth token now rotates on every sandbox rebuild automatically (no config change required). Safe uninstallnemoclaw uninstall now preserves rebuild-backups and sandboxes.json by default; add NEMOCLAW_UNINSTALL_DESTROY_USER_DATA=1 to purge everything. Hermes is now first-class — both OpenClaw and Hermes agents are fully supported (Hermes is no longer labeled experimental). WhatsApp diagnostics — new nemoclaw <sandbox> channels status command shows QR/session state and connection health.

Skills resources for NemoClaw

NemoClaw uses the same skill architecture as OpenClaw — all official skills are compatible. We don't maintain a separate skills database for NemoClaw:

Skills Guide: Write Your Own
Skills Database: 53 Verified Official

Skill install commands are identical: openclaw skill install <name> works unchanged inside the NemoClaw sandbox.

NemoClaw vs OpenClaw — What's Different

FeatureNemoClawOpenClaw
Execution environmentOpenShell security sandbox (containerised)Direct on host OS
Network policyDeny-by-default; you allowlist domains explicitlyPermissive by default
API key securityKeys stored outside sandbox via OpenShell provider systemIn config files on host
GPU inferenceOptional NVIDIA Nemotron models if GPU availableOllama or cloud providers
Setup complexityMore steps (Docker, OpenShell, sandbox, Caddy)Single CLI install
Skill compatibilityFull — all 53 official OpenClaw skills workFull

If you don't need the sandbox security model, OpenClaw is simpler to start with. If you're handling credentials, production infrastructure, or sensitive data, NemoClaw's defaults are worth the extra setup.

NemoClaw Use Cases

NemoClaw shines for self-hosted, containerised setups where you control the GPU and the policy.

NemoClaw Troubleshooting

NemoClaw Security

Related on This Site

  • OpenClaw hub — the base framework NemoClaw runs on top of
  • IronClaw — a different security-hardened approach: stricter defaults without Docker/OpenShell
  • Decision guide — pick the right agent for your use case
  • Weekly News Digest — NemoClaw updates and OpenShell security advisories

📬 Weekly Digest — In Your Inbox

One email a week: top news, releases, and our deepest new guide. No spam. Same content via RSS if you prefer.