NemoClaw Explained — NVIDIA Enterprise AI for OpenClaw

OpenClaw vs NemoClaw — What's the Difference?

NemoClaw is not a replacement for OpenClaw — it's a security and infrastructure layer that sits on top of it. Think of OpenClaw as the engine and NemoClaw as the armoured chassis built around it for enterprise deployment.

🦞 OpenClaw (base)

Personal & Developer Use

Free, open-source AI agent that runs locally. Powerful for personal automation, but ships with no sandboxing, no network policy enforcement, and no enterprise access controls. You trust the agent completely.

🟢 NemoClaw

Enterprise & Production Use

Wraps OpenClaw in NVIDIA's OpenShell runtime. Every file access, network call, and inference request is intercepted, logged, and governed by YAML policy files. Agents can no longer act outside the boundaries you define.

Who coined the framing? At GTC 2026, NVIDIA described OpenClaw as "to agentic AI what GPT was to chatbots" — a foundational platform that every serious enterprise wants to build on, but which needed enterprise guardrails before that was practical. NemoClaw is that guardrail layer.

The NemoClaw Stack

NemoClaw's nemoclaw CLI orchestrates four layers. Every component is open source and replaceable.

 ┌───────────────────────────────────────────────────────────────┐
 │                     YOUR PROMPT / TASK                        │
 └──────────────────────────────┬────────────────────────────────┘
                                │
 ┌──────────────────────────────▼────────────────────────────────┐
 │                   OPENCLAW AGENTIC LOOP                       │
 │          (Heartbeat · SOUL.md · Memory · Skills)              │
 └──────────────────────────────┬────────────────────────────────┘
                                │  all calls intercepted
 ┌──────────────────────────────▼────────────────────────────────┐
 │                   OPENSHELL RUNTIME                           │
 │  ┌─────────────────┐  ┌───────────────┐  ┌─────────────────┐ │
 │  │ Sandbox         │  │ Network Policy│  │ Privacy Router  │ │
 │  │ /sandbox + /tmp │  │ YAML rules    │  │ Local ↔ Cloud   │ │
 │  │ only            │  │ hot-reloadable│  │ inference       │ │
 │  └─────────────────┘  └───────────────┘  └─────────────────┘ │
 └──────────────────────────────┬────────────────────────────────┘
                                │
        ┌───────────────────────┼───────────────────────┐
        │                       │                       │
 ┌──────▼──────┐        ┌───────▼───────┐      ┌───────▼───────┐
 │  NEMOTRON   │        │    DYNAMO     │      │  NVIDIA CLOUD │
 │  3-Super    │        │  Inference    │      │   (optional)  │
 │  120B local │        │    Engine     │      │  via Privacy  │
 │             │        │               │      │  Router       │
 └─────────────┘        └───────────────┘      └───────────────┘

Core Components

NemoClaw bundles three new components on top of standard OpenClaw. Here's what each one does.

Open Source

OpenShell Runtime

The core security layer of NemoClaw. OpenShell is an open-source sandboxed execution environment that wraps the OpenClaw agent loop and intercepts every action it tries to take before allowing it to proceed.

Restricts filesystem access to /sandbox and /tmp only — locked at sandbox creation, cannot be changed at runtime

Blocks all outbound network connections by default — you whitelist specific hosts in YAML policy files that can be hot-reloaded without restarting the agent

Prevents privilege escalation and dangerous syscalls at the kernel level — cannot be overridden by the agent

Intercepts every inference request the agent makes — routes it through the Privacy Router rather than letting the agent call APIs directly

Logs every agent action with a full audit trail — file reads, network calls, tool invocations, inference requests — all timestamped and attributable

NVIDIA Model

Nemotron-3-Super-120B

The default local model bundled with NemoClaw. Launched on 11 March 2026, it's a 120-billion-parameter hybrid mixture-of-experts model specifically tuned for agentic AI workloads — the kind of multi-step reasoning and tool-use that OpenClaw demands.

NVIDIA

Nemotron-3-Super-120B — Key Specs

120B

Total parameters

12B

Active parameters (MoE)

~87 GB

Disk space (local inference)

24–80 GB

Unified memory required

The hybrid mixture-of-experts architecture means only 12B parameters are active on any single forward pass, making it significantly cheaper to run than a dense 120B model while retaining near-equivalent reasoning quality. It runs on RTX PCs, DGX Spark, DGX Station, and NVIDIA cloud infrastructure. AMD and Intel GPU emulation is supported via the NemoClaw installer.

NVIDIA Engine

Dynamo Inference Engine

NVIDIA's high-throughput inference serving engine, integrated into NemoClaw to handle local model serving for Nemotron and any other models you add. Dynamo optimises GPU utilisation and handles batching, caching, and scheduling automatically.

Serves Nemotron-3-Super-120B locally with NVIDIA GPU acceleration — no cloud latency for inference when running on supported hardware

Handles AMD and Intel GPUs through emulation layers bundled in the NemoClaw installer — no manual driver configuration required

Works alongside the Privacy Router so cloud frontier models (Claude, GPT-4o) can be used for tasks that exceed local hardware capability, with all calls governed by OpenShell's network policy

Exposes metrics on token throughput, latency, and GPU utilisation so enterprise teams can monitor inference costs in real time

Open Source

Privacy Router

The Privacy Router sits between the OpenClaw agent and any external AI APIs. It ensures inference requests from the agent never leave the OpenShell sandbox directly — the router inspects, strips, or redacts data according to policy before passing it to a cloud provider.

Inspects outbound inference payloads for PII, secrets, and policy-defined sensitive patterns before they leave the sandbox

Redacts or replaces sensitive content with anonymised tokens — the cloud model sees sanitised data, the local agent sees real data in the response

Routes tasks requiring high privacy to the local Nemotron model, and tasks requiring frontier capability to approved cloud models — routing rules defined in YAML

Logs every routing decision with the reason — full auditability of which data went where and why

The YAML Policy System

OpenShell's behaviour is entirely controlled by YAML policy files. Policies define what the agent can access, where it can call out, and how inference is routed. They can be hot-reloaded at runtime without restarting the agent.

nemoclaw-policy.yaml — example baseline policy

            
            # NemoClaw OpenShell Policy — v1.0
# Controls what this agent can access and where it can go

sandbox:
  filesystem:
    allow_read:  ["/sandbox", "/tmp", "/data/approved"]
    allow_write: ["/sandbox/output", "/tmp"]
    deny_read:   ["/etc", "/root", "/home"]  # locked, cannot be overridden

network:
  default: deny                      # block everything by default
  allow:
    - host: "api.slack.com"
      ports: [443]
      methods: ["POST"]
    - host: "api.anthropic.com"
      ports: [443]
      via_privacy_router: true       # must route through privacy router

inference:
  local_model: "nemotron-3-super-120b"
  cloud_fallback: "claude-sonnet-4-6"
  route_local_if:
    - contains_pii: true
    - data_classification: "confidential"

privacy:
  pii_detection: true
  redact_patterns:
    - "SSN"
    - "credit_card"
    - "api_key"
  strip_before_cloud: true

audit:
  log_all_actions: true
  log_path: "/sandbox/audit.log"
  retention_days: 90
            

Hot-reloadable. Network and privacy policy changes take effect immediately without restarting the agent. Filesystem and syscall rules are locked at sandbox creation for security and cannot be hot-reloaded.

Feature Comparison

A side-by-side look at what NemoClaw adds on top of standard OpenClaw.


Feature	🦞 OpenClaw	🟢 NemoClaw
Cost	Free & open source	Free & open source
Filesystem sandboxing	✗ Full access	✓ Restricted to /sandbox, /tmp
Network policy	✗ Unrestricted	✓ YAML allowlist, hot-reloadable
PII redaction	✗ None	✓ Auto-detects & strips before cloud
Inference routing	~ Manual config only	✓ Automatic local/cloud routing by policy
Audit logging	~ Basic Heartbeat logs	✓ Full tamper-evident audit trail
Bundled local model	✗ Bring your own	✓ Nemotron-3-Super-120B included
GPU support	~ NVIDIA only via Ollama	✓ NVIDIA + AMD/Intel emulation built-in
Privilege escalation protection	✗ None	✓ Kernel-level syscall blocking
Runs on	Any machine with 8 GB RAM	24–80 GB unified memory for local inference
Best for	Personal use, developers, prototyping	Enterprise, production, regulated industries
Maturity	Stable · Production-ready	Alpha · Early-stage

Installing NemoClaw

NemoClaw ships as a single-command installer that handles OpenClaw, OpenShell, Nemotron, and Dynamo in one go. You need a few prerequisites first.

Docker

Required for the OpenShell sandbox container runtime.

Node.js 20+

Required for the NemoClaw CLI and OpenClaw agent runtime.

NVIDIA API Key

Required for cloud inference and model downloads via build.nvidia.com.

24–80 GB Memory

For local Nemotron inference. Lower spec machines can use cloud-only mode.

Install the NemoClaw CLI

Run npm install -g nemoclaw or use the 1-click desktop installer from github.com/nvidia-nemoclaw/NemoClaw. Supports macOS and Windows with AMD/Intel emulation.

Authenticate with NVIDIA

Run nemoclaw auth login and enter your NVIDIA API key from build.nvidia.com/nemoclaw. This authorises model downloads and cloud inference.

Run the full stack install

Run nemoclaw install. This downloads OpenClaw, OpenShell, Nemotron-3-Super-120B (~87 GB), and Dynamo. On first run it creates a versioned blueprint that locks the sandbox baseline.

Write your policy file

Copy the example policy from nemoclaw init-policy and customise the network allowlist and privacy rules for your environment. Save it to nemoclaw-policy.yaml.

Start the sandboxed agent

Run nemoclaw start --policy nemoclaw-policy.yaml. OpenClaw starts inside the OpenShell sandbox, Dynamo spins up Nemotron locally, and your agent is ready — fully sandboxed from the first prompt.

Quick install — copy and run

# Prerequisites: Docker, Node.js 20+, NVIDIA API key

# Install CLI
npm install -g nemoclaw

# Login
nemoclaw auth login

# Install full stack (downloads ~87 GB for local inference)
nemoclaw install

# Generate starter policy
nemoclaw init-policy > nemoclaw-policy.yaml

# Start sandboxed agent
nemoclaw start --policy nemoclaw-policy.yaml

# Check status
nemoclaw status

Alpha status. NemoClaw is early-stage as of GTC 2026. NVIDIA recommends it for development and evaluation environments. Production deployments should wait for the first stable release. Check the official GitHub repo for the latest release notes.

Where NemoClaw Runs

NemoClaw is designed to run OpenClaw securely across the full spectrum of NVIDIA hardware — from a developer's desktop to a data centre cluster.

RTX PCs

RTX 4090 / 5090 with 24 GB VRAM. Local Nemotron inference, full OpenShell sandbox. Best for developers.

DGX Spark

128 GB unified memory. Ideal for teams running multiple sandboxed agents simultaneously in a local rack.

DGX Station

Up to 640 GB unified memory. Enterprise on-premises deployments with compliance data residency requirements.

NVIDIA Cloud

Full cloud-hosted deployment via build.nvidia.com. No local GPU required — cloud inference via Privacy Router.

AMD / Intel GPUs

Supported via emulation layers bundled in the installer. Performance is reduced vs native NVIDIA hardware.

Ready to Go Deeper?

Explore OpenClaw's security foundations, or head to the official NVIDIA docs to set up NemoClaw today.

Official GitHub NVIDIA Docs Security Guide Architecture