What Is NemoClaw? NVIDIA's Security Stack for OpenClaw

What Is NemoClaw?

NemoClaw is NVIDIA's open-source reference stack for running OpenClaw more securely inside the NVIDIA OpenShell runtime. It wraps OpenClaw in enterprise-grade security controls — sandboxed execution, managed inference, policy enforcement, and network isolation — so teams can run autonomous AI agents in environments where compliance and auditability matter.

The project launched as an early preview on March 16, 2026 and is available on GitHub at github.com/NVIDIA/NemoClaw under the Apache 2.0 license. NVIDIA has been clear that NemoClaw is not production-ready yet — it is designed for evaluation, testing, and early integration work.

The simplest way to understand NemoClaw: OpenClaw is the engine, and NemoClaw is the armored vehicle built around it. OpenClaw handles the AI reasoning, messaging integrations, memory, and task execution. NemoClaw handles the security perimeter — what the agent can access, which models it can call, how network traffic is routed, and what happens when the agent tries to do something outside its policy boundaries.

If you are already running OpenClaw and want to understand the differences in detail, the OpenClaw vs NemoClaw comparison breaks down every trade-off.

How Does NemoClaw Work?

NemoClaw sits between OpenClaw and the underlying infrastructure. Instead of OpenClaw running directly on a VPS or bare metal server, it runs inside the NVIDIA OpenShell runtime — a container-like execution environment that enforces security policies at the system level.

The architecture has four main layers:

1. OpenShell Runtime — the sandboxed execution environment where OpenClaw runs. It controls filesystem access, network egress, and process isolation. The agent cannot reach outside its sandbox without explicit policy approval.
2. Inference Router — manages which LLM endpoints the agent can access and how requests are routed. This means teams can enforce model selection policies (e.g., only Claude 4 Sonnet for production, allow GPT-4 for fallback) and track token usage per agent per task.
3. Policy Engine — a rules layer that defines what the agent is allowed to do. Policies can restrict which APIs the agent calls, what data it can read, which messaging channels it can access, and what approval workflows are required for sensitive actions.
4. State Manager — handles agent state persistence, crash recovery, and session continuity. If the agent process dies, the state manager can restart it from its last checkpoint without losing context.

When an OpenClaw agent running inside NemoClaw tries to send a message, call an API, or access a file, the request passes through the policy engine first. If the action is allowed, it proceeds. If not, it is logged and blocked — and the agent receives a structured denial that it can reason about.

What Are NemoClaw's Key Features?

Guided Onboarding

NemoClaw includes a setup wizard that walks teams through configuring the OpenShell runtime, connecting to LLM providers, defining initial policies, and deploying a first agent. This reduces the typical OpenClaw setup process from manual configuration files to a structured, step-by-step flow.

Hardened Blueprint

The project ships with a default security blueprint that covers common enterprise requirements: network isolation, credential rotation, audit logging, and execution boundaries. Teams can use the blueprint as-is or customize it for their specific compliance needs.

State Management

NemoClaw adds robust state persistence on top of OpenClaw's existing memory system. Agent state is checkpointed regularly, and the state manager can recover from crashes, restarts, and infrastructure failures without losing conversation context or task progress.

Messaging Bridges

NemoClaw includes pre-built bridges for routing messages between OpenClaw's native messaging integrations (Telegram, WhatsApp, Slack) and enterprise messaging systems. These bridges add logging, filtering, and policy enforcement to every message the agent sends or receives.

Routed Inference

Instead of OpenClaw calling LLM APIs directly, NemoClaw routes all inference requests through a managed proxy. This allows teams to enforce model selection policies, implement cost controls, add request logging, and swap providers without changing agent configuration.

Layered Protection

Security in NemoClaw operates at multiple levels simultaneously: runtime-level sandboxing (what processes can run), network-level controls (what endpoints are reachable), API-level policies (what actions are allowed), and data-level restrictions (what information the agent can access). Each layer operates independently, so a failure in one layer does not compromise the others.

How Does NemoClaw Relate to OpenClaw?

NemoClaw is built on top of OpenClaw — it does not replace it. The relationship is additive: everything OpenClaw can do, NemoClaw can do too, because OpenClaw is running inside it. NemoClaw adds the security, policy, and infrastructure management layers that enterprise teams need.

Here is how they differ in practice:

For a detailed feature-by-feature breakdown, see the OpenClaw vs NemoClaw comparison. For a three-way comparison that includes NanoClaw, see the NanoClaw vs OpenClaw vs NemoClaw guide.

Who Is NemoClaw For?

NemoClaw is designed for a specific subset of OpenClaw operators — teams that need enterprise-grade security controls around their AI agent deployments. The typical NemoClaw user profile includes:

• Enterprise security teams that need to run AI agents inside policy-enforced sandboxes with full audit trails and compliance documentation.
• Regulated industries (finance, healthcare, legal) where agent actions must be logged, reviewed, and approved before execution.
• Multi-tenant environments where multiple agents from different teams or departments run on shared infrastructure and need strict isolation.
• DevOps teams that want to manage AI agent infrastructure the same way they manage other containerized workloads — with orchestration, monitoring, and automated recovery.

If you are a solo founder or small team running a single OpenClaw agent on a Hostinger VPS, NemoClaw adds complexity without proportional benefit. Standard OpenClaw security hardening covers the essentials for most operators.

NemoClaw becomes valuable when you need to answer questions like: "Which model did the agent use for that decision?", "Can we prove the agent never accessed customer PII outside its policy boundary?", or "If the agent crashes at 3 AM, does it recover automatically without losing context?"

How Do You Get Started With NemoClaw?

Since NemoClaw is in early preview, getting started requires more technical comfort than a standard OpenClaw install. The basic steps:

1. Clone the repository from github.com/NVIDIA/NemoClaw.
2. Install the OpenShell runtime — NemoClaw requires the NVIDIA OpenShell runtime as its execution environment. The repo includes installation scripts for Linux.
3. Configure your security blueprint — define policies for network access, model routing, and execution boundaries using the included YAML templates.
4. Deploy OpenClaw inside the runtime — NemoClaw handles the OpenClaw installation and configuration within the sandboxed environment.
5. Connect messaging channels — configure Telegram, WhatsApp, Slack, or other messaging bridges through the NemoClaw bridge configuration.

The guided onboarding wizard covers these steps interactively, but expect to spend more time on initial setup compared to a direct OpenClaw install. The tradeoff is a significantly more secure and manageable deployment once everything is configured.

Before diving into NemoClaw, make sure you understand OpenClaw fundamentals first. The complete guide to OpenClaw covers everything from basic setup through advanced operations.

Community Resources

NemoClaw has a growing community despite being in early preview:

• Official GitHub — github.com/NVIDIA/NemoClaw for source code, issues, and discussions.
• Awesome NemoClaw — github.com/VoltAgent/awesome-nemoclaw is a community-maintained list of NemoClaw resources, tutorials, blueprints, and integrations.
• Remote OpenClaw community — the Skool community has a growing number of members experimenting with NemoClaw alongside standard OpenClaw deployments.

For coverage of how NemoClaw stacks up against other security approaches in the OpenClaw ecosystem, the following guides provide detailed analysis:

• OpenClaw vs NemoClaw — direct feature comparison
• NanoClaw vs OpenClaw vs NemoClaw — three-way comparison across the ecosystem
• OpenClaw 3-Tier Security Hardening — security without NemoClaw

Frequently Asked Questions

What's the difference between NemoClaw and OpenClaw?

OpenClaw is the open-source AI agent runtime that connects to messaging platforms and executes tasks autonomously. NemoClaw is NVIDIA's security wrapper that runs OpenClaw inside the NVIDIA OpenShell runtime, adding sandboxed execution, policy-driven network controls, managed inference routing, and layered protection. You can run OpenClaw without NemoClaw, but NemoClaw requires OpenClaw as its core agent engine. For the full breakdown, see the OpenClaw vs NemoClaw comparison.

Is NemoClaw production-ready?

Not yet. NemoClaw released as an early preview on March 16, 2026 under the Apache 2.0 license. NVIDIA explicitly labels it as pre-production software intended for evaluation and testing. Teams experimenting with it should expect breaking changes, incomplete documentation, and gaps in enterprise tooling. For production OpenClaw deployments today, standard security hardening remains the recommended approach.

Do I need NemoClaw to use OpenClaw?

No. OpenClaw runs independently on any Linux or macOS machine without NemoClaw. NemoClaw is an optional security layer for teams that need enterprise-grade sandboxing, policy enforcement, and managed inference routing. Most individual operators and small teams run OpenClaw directly with standard security hardening and get everything they need.