NVIDIA has released NemoClaw, an open-source tool that enables secure deployment of OpenClaw autonomous agents through sandboxed execution environments with multiple protection layers for network, filesystem, and process isolation.
Purpose-Built for Agent Security
NemoClaw addresses a critical challenge in deploying autonomous AI agents: ensuring they operate safely without unauthorized system access. The framework provides a comprehensive security wrapper around OpenClaw always-on assistants, leveraging NVIDIA's OpenShell runtime for isolation.
Key security features include:
- Sandboxed execution environment with multiple protection layers
- Network, filesystem, process, and inference controls
- Hot-reloadable network policies for runtime flexibility
- Declarative policy governance for all system operations
Architecture and Integration
The tool orchestrates four main components working together:
- A TypeScript CLI plugin for command-line interaction
- A Python blueprint artifact for agent configuration
- An isolated OpenShell container for secure execution
- Cloud-based inference routing to NVIDIA's Nemotron-3-super-120b-a12b model
The system prevents unauthorized network connections, restricts filesystem access outside designated directories, and blocks dangerous system calls.
Hardware Requirements and Availability
NVIDIA recommends 4+ vCPUs and 16 GB of RAM for running NemoClaw; the sandbox image is approximately 2.4 GB compressed. The project includes both interactive CLI and TUI interfaces for agent communication.
The project remains in alpha, with NVIDIA noting that interfaces, APIs, and behavior may change without notice as development continues.
Key Takeaways
- NemoClaw provides enterprise-grade security for autonomous agent deployment
- Multiple isolation layers protect against unauthorized system access
- Integrates with NVIDIA cloud inference infrastructure
- Open source and available now as an alpha release