# NemoClaw > An open-source reference stack by NVIDIA for running OpenClaw always-on AI assistants more safely inside hardened OpenShell sandboxes with managed inference routing. NVIDIA NemoClaw is an open-source reference stack that simplifies running OpenClaw always-on assistants more safely inside NVIDIA OpenShell containers. Released in early alpha preview on March 16, 2026, it is part of the NVIDIA Agent Toolkit ecosystem and is licensed under Apache 2.0. The project is explicitly marked as not production-ready, shared to gather community feedback and enable early experimentation. ## What It Is NemoClaw sits between the OpenClaw agent framework and the NVIDIA OpenShell runtime, providing a hardened, opinionated deployment blueprint for autonomous AI agents. Where OpenShell provides the low-level container security primitives (Landlock, seccomp, network namespaces), NemoClaw adds guided onboarding, lifecycle management, state management, OpenShell-managed channel messaging, routed inference, and layered protection on top. The result is a single CLI-driven workflow for installing, configuring, sandboxing, and operating an OpenClaw agent on a local or remote machine. ## Architecture and Stack NemoClaw is structured as a TypeScript CLI plugin (Commander-based) that wraps the OpenShell runtime. Key architectural layers include: - **Blueprint layer**: YAML-defined sandbox configuration, network policies, and snapshot/state management - **OpenShell gateway**: An L7 proxy that mediates all traffic between the sandbox and the host or external APIs, ensuring the sandbox never sees raw API keys - **Model Router (experimental)**: An optional LiteLLM proxy using the NVIDIA LLM Router v3 prefill routing engine, which selects the most cost-efficient model from a configurable pool for each query - **Sandbox hardening**: Container capability drops, process limits, Landlock filesystem restrictions, seccomp filtering, and network namespace isolation The sandbox image is approximately 2.4 GB compressed, and the router runs on the host on port 4000, not inside the sandbox. ## Setup Path Installation is a single curl-piped bash command that installs Node.js via nvm if absent, then runs a guided onboard wizard: ``` curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` The wizard configures inference provider, security policies, and creates the sandbox. Non-interactive and CI modes are supported via environment variables. Tested platform combinations include Linux with Docker (primary path), macOS Apple Silicon with Colima or Docker Desktop, NVIDIA DGX Spark, and Windows WSL2 with Docker Desktop. Minimum hardware is 4 vCPU, 8 GB RAM, and 20 GB free disk. ## Inference Routing NemoClaw supports multiple inference providers and includes an experimental model router. The router uses a lightweight Qwen3.5-0.8B encoder to predict which model in a configured pool can handle each query correctly, then routes to the cheapest model meeting an accuracy threshold. A `tolerance` parameter (default 0.20) controls the accuracy-cost tradeoff. Supported models in the default pool include NVIDIA Nemotron-3-Nano and Nemotron-3-Super variants via the NVIDIA inference API, as well as local Ollama inference for DGX Spark deployments. ## Agent Skills and Tooling Integration NemoClaw ships packaged user skills for AI coding assistants such as Cursor and Claude Code. According to the documentation, these skills turn the NemoClaw docs into task-focused guidance that the assistant can apply to the local environment, covering setup, inference, policy management, monitoring, deployment, security, and troubleshooting from within the coding assistant chat interface. ## Current Status: Alpha The project badge and README explicitly state alpha status as of the March 2026 launch. Interfaces, APIs, and behavior may change without notice. The GitHub repository shows active development with over 20,000 stars and ongoing issue tracking. The documentation site is built with Fern and includes full reference coverage for CLI commands, network policies, sandbox hardening, and troubleshooting. ## Features - Guided onboarding wizard for OpenClaw agents - Hardened sandbox blueprint with Landlock, seccomp, and network namespace isolation - OpenShell-managed channel messaging - Routed inference with experimental model router - State management and blueprint lifecycle management - Layered network policy controls with egress approval flow - CLI-driven sandbox lifecycle (create, inspect, update, remove) - Packaged user skills for AI coding assistants (Cursor, Claude Code) - Support for local Ollama inference and NVIDIA cloud endpoints - Non-interactive and CI installation modes - Sandbox monitoring, logs, and health inspection - Uninstall command with version-pinned cleanup script ## Integrations OpenClaw, NVIDIA OpenShell, NVIDIA Agent Toolkit, Docker, Colima, Docker Desktop, k3s, LiteLLM, NVIDIA LLM Router v3, Ollama, NVIDIA Nemotron models, NVIDIA inference API, Cursor, Claude Code, nvm, npm ## Platforms WINDOWS, MACOS, LINUX, WEB, API, CLI ## Pricing Open Source ## Version alpha ## Links - Website: https://docs.nvidia.com/nemoclaw/latest/ - Documentation: https://docs.nvidia.com/nemoclaw/latest/ - Repository: https://github.com/NVIDIA/NemoClaw - EveryDev.ai: https://www.everydev.ai/tools/nemoclaw