How NemoClaw Secures Autonomous AI Agents with Kernel‑Level Sandboxing

NemoClaw Overview

NemoClaw is NVIDIA’s controlled runtime and security layer built around the OpenClaw assistant, providing kernel‑level isolation, policy enforcement, and audited inference routing for autonomous AI agents.

Three‑Layer Architecture

Layer 1 – OpenShell (sandbox runtime)

OpenShell is an open‑source secure runtime that runs each agent inside a hardened sandbox built on Linux security primitives:

Landlock – filesystem access control.

seccomp – system‑call filtering.

Network namespaces – per‑agent network isolation.

Process isolation – prevents privilege escalation from compromised dependencies.

Layer 2 – NemoClaw (policy & deployment bridge)

NemoClaw connects OpenClaw to OpenShell and adds versioned, blueprint‑based policy control. Blueprints define sandbox creation parameters, security policies, inference provider routing, session‑monitoring rules, and operator approval workflows.

Sandbox creation parameters

Security policy definitions

Inference provider routing

Session monitoring rules

Operator approval workflow

One command launches a fully isolated agent environment:

curl -fsSL https://nvidia.com/nemoclaw.sh | bash
nemoclaw onboard

The onboard command guides you through connecting an inference provider, setting filesystem policies, and configuring network rules.

Layer 3 – Inference Routing

The inference layer supports three configurations, all governed by the same policy and audit layer:

NVIDIA‑hosted inference – cloud API endpoints.

Local NIM – run NVIDIA models (e.g., Nemotron) on local hardware.

Self‑hosted vLLM – run open‑source models on your own infrastructure.

Getting Started

Prerequisites

Linux (Ubuntu 22.04+; required for Landlock & seccomp).

Docker.

GitHub CLI ( gh) for downloading OpenShell binaries.

NVIDIA GPU (optional, needed for local NIM inference).

Installation

curl -fsSL https://nvidia.com/nemoclaw.sh | bash

The nemoclaw CLI is the primary entry point for setting up and managing sandboxed OpenClaw agents, delegating heavy lifting to versioned blueprints.

──────────────────────────────────────────────────
Sandbox my‑assistant (Landlock+seccomp+netns)
Model nvidia/nemotron‑3‑super‑120b‑a12b (NVIDIA Cloud API)
──────────────────────────────────────────────────
Run: nemoclaw my‑assistant connect
Status: nemoclaw my‑assistant status
Logs: nemoclaw my‑assistant logs --follow
──────────────────────────────────────────────────
[INFO]=== Installation complete ===

After installation, start a session with nemoclaw my‑assistant connect to interact via TUI or CLI.

Comparison with OpenClaw

Runtime isolation: process‑level (OpenClaw) vs kernel‑level sandbox (NemoClaw + OpenShell).

Network security: host firewall (OpenClaw) vs per‑agent network namespace (NemoClaw).

Inference options: cloud API only (OpenClaw) vs cloud, local NIM, or self‑hosted vLLM (NemoClaw).

Policy management: hard‑coded or none (OpenClaw) vs versioned blueprints (YAML/JSON) in NemoClaw.

Data privacy: provider‑dependent (OpenClaw) vs data stays on‑premises with local execution (NemoClaw).

Current Limitations

Observability is basic; no built‑in Datadog, Grafana, or OpenTelemetry integration.

CLI‑only interface; no graphical UI for non‑technical operators.

Lacks a testing framework for sandboxed agents or policy dry‑runs.

Does not support multi‑cloud orchestration; limited to single host or cluster deployments.

Documentation is still evolving; some commands lack clear explanations.

Takeaway

For regulated sectors that cannot send data to external APIs, NemoClaw offers a way to keep data on‑premises while providing flexible inference options, but teams must build their own monitoring, UI, and testing tooling to reach production‑grade reliability.