TL;DR: NemoClaw installs with one command on Ubuntu. You need Docker, Node.js 20+, and an NVIDIA API key. First agent runs in under 30 minutes.
NVIDIA NemoClaw launched at GTC 2026 on March 16. It wraps OpenClaw with enterprise security: kernel-level sandboxing, audit trails, and a privacy router that keeps sensitive data on-device.
The tool is free and open source (Apache 2.0). But it is in alpha. That means rough edges. Setup is not always smooth. Docker conflicts, cgroup issues, and OOM kills are real problems people hit.
This guide walks through every step: prerequisites, installation, first sandbox, first agent, and troubleshooting. It is based on the official NVIDIA docs and real issues from the GitHub repository.
What You Need Before Starting
| Requirement | Minimum | Recommended |
|---|---|---|
| OS | Ubuntu 22.04 LTS | Ubuntu 22.04+ (DGX Spark ships 24.04) |
| CPU | 4 vCPUs | 4+ vCPUs |
| RAM | 8 GB | 16 GB |
| Disk | 20 GB free | 40 GB free |
| Node.js | v20 | v22 |
| npm | v10 | v10+ |
| Docker | Installed, running, user in docker group | Same |
| OpenShell CLI | Latest release | Latest release |
| GitHub CLI (gh) | Required for OpenShell download | Same |
| NVIDIA API Key | From build.nvidia.com | Same |
NemoClaw runs on Linux only. Windows users can try WSL2 (experimental, GPU detection has issues). macOS has partial support but local inference does not work properly yet.
The sandbox image is about 2.4 GB compressed. During setup, Docker, k3s, and the OpenShell gateway run simultaneously. Systems with less than 8 GB RAM risk OOM kills. If you have exactly 8 GB, add swap space before starting.
Step 1: Get Your NVIDIA API Key
You need this before anything else.
- Go to build.nvidia.com
- Sign in or create a free NVIDIA developer account
- Navigate to any NIM model page (like Nemotron)
- Click “Get API Key”
- Copy the key. It starts with nvapi-
Keep this key ready. The onboard wizard will ask for it.
Step 2: Install Docker
If Docker is already running, skip to verification. If not, install it first.
After installation, verify Docker works:
docker ps
If you get a permission error, add your user to the Docker group:
sudo usermod -aG docker $USER
Log out and back in for the group change to take effect. On Fedora and RHEL, also run newgrp docker in the same terminal. Without this, the NemoClaw preflight check shows a misleading “Docker is not running” error even when Docker works fine.
Cgroup Fix for Ubuntu 24.04 and DGX Spark
If you are on Ubuntu 24.04 or DGX Spark, you need a cgroup v2 fix. Without it, OpenShell’s embedded k3s fails with “Failed to start ContainerManager.”
Edit /etc/docker/daemon.json and add:
{"default-cgroupns-mode": "host"}
Then restart Docker:
sudo systemctl restart docker
On DGX Spark, you can run sudo nemoclaw setup-spark to automate this fix.
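An existing /etc/docker/daemon.json may already hold other settings (for example a runtimes section), so the key should be merged in rather than pasted over the file. The following is an added example, not part of NemoClaw or the NVIDIA docs; the function name merge_cgroupns is hypothetical and the sketch assumes python3 is available for JSON handling.

```shell
#!/bin/sh
# Added example: set "default-cgroupns-mode" in daemon.json without
# discarding keys that are already present.
# Assumption: python3 is installed (used only for JSON parsing).

# merge_cgroupns FILE
#   Keeps a FILE.bak copy, refuses to edit FILE if it is not a valid
#   JSON object, and replaces FILE atomically.
merge_cgroupns() {
    file=$1
    if [ -f "$file" ]; then
        cp -p "$file" "$file.bak" || return 1
    fi
    python3 - "$file" <<'PY'
import json, os, sys, tempfile

path = sys.argv[1]
try:
    with open(path) as fh:
        text = fh.read().strip()
    cfg = json.loads(text) if text else {}
except FileNotFoundError:
    cfg = {}
except ValueError:
    sys.exit("daemon.json is not valid JSON; leaving it untouched")
if not isinstance(cfg, dict):
    sys.exit("daemon.json is not a JSON object; leaving it untouched")

cfg["default-cgroupns-mode"] = "host"

# Write next to the target and rename, so Docker never reads a
# half-written config file.
fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
with os.fdopen(fd, "w") as fh:
    json.dump(cfg, fh, indent=2)
    fh.write("\n")
os.chmod(tmp, 0o644)
os.replace(tmp, path)
PY
}

# Usage (as root), followed by the Docker restart shown above:
#   merge_cgroupns /etc/docker/daemon.json
```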
GPU Access (Optional)
If you have an NVIDIA GPU and want GPU passthrough into sandboxes:
sudo nvidia-ctk runtime configure --runtime=docker
sudo systemctl restart docker
Verify GPU access inside Docker:
docker run --rm --runtime=nvidia --gpus all ubuntu nvidia-smi
Step 3: Install Node.js
NemoClaw needs Node.js 20 or later. Version 22 is recommended.
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs
Verify the version:
node --version
If you use nvm, watch for version conflicts. The NemoClaw installer may set a different default than what you expect. Manually set it with nvm alias default 22 if needed.
Step 4: Install OpenShell CLI
OpenShell is the security runtime that provides sandboxing. It is a separate binary.
Install the GitHub CLI first (needed to download OpenShell):
sudo apt-get install -y gh
gh auth login
Then download and install OpenShell:
ARCH=$(uname -m) && gh release download --repo NVIDIA/OpenShell --pattern "openshell-${ARCH}-unknown-linux-musl.tar.gz" && tar xzf openshell-${ARCH}-unknown-linux-musl.tar.gz && sudo install -m 755 openshell /usr/local/bin/openshell
Verify it is installed:
openshell --version
Step 5: Install NemoClaw
You have two options.
Option A: One-Line Installer
curl -fsSL https://nvidia.com/nemoclaw.sh | bash
This installs Node.js if missing and launches the onboard wizard automatically.
Option B: Manual Install from GitHub
git clone https://github.com/NVIDIA/NemoClaw && cd NemoClaw && sudo npm install -g .
Then run the wizard:
nemoclaw onboard

Step 6: The Onboard Wizard
The nemoclaw onboard wizard walks through seven steps. Here is what happens at each one.
| Step | What Happens | Your Input |
|---|---|---|
| 1. API Key | Stores your NVIDIA key in ~/.nemoclaw/credentials.json | Paste your nvapi-* key |
| 2. Preflight | Checks Docker is running, OpenShell is on PATH | None (automatic) |
| 3. Gateway | Starts the OpenShell gateway (30-60 seconds first run) | None (automatic) |
| 4. Sandbox | Builds/pulls the sandbox image (2-5 minutes first build) | Enter sandbox name or accept default |
| 5. Inference | Detects local Ollama or uses NVIDIA cloud | Select inference option |
| 6. OpenClaw | Auto-configures OpenClaw inside sandbox | None (automatic) |
| 7. Policy | Applies baseline security presets (pypi, npm) | Press Y to accept |
The whole process takes 10-15 minutes on a fast connection. Most of the time is spent downloading the sandbox image.
If you want to use local inference through Ollama instead of NVIDIA cloud, set this before running onboard:
export NEMOCLAW_EXPERIMENTAL=1
This enables the local inference option in the wizard.
Step 7: Connect to Your First Sandbox
After onboarding completes, connect to your sandbox:
nemoclaw my-assistant connect
You are now inside the sandboxed environment. Launch the interactive chat:
openclaw tui
Or send a single message:
openclaw agent --agent main --local -m "Hello from the sandbox" --session-id test
To check sandbox health from outside:
nemoclaw my-assistant status
To stream logs:
openclaw nemoclaw logs -f
Step 8: Set Up the Operator Approval TUI
This is one of NemoClaw’s best features. Open a separate terminal and run:
openshell term
The TUI shows live network connections, blocked requests, and inference routing status. When your agent tries to reach a host not on the allowlist, you see it here. You approve or deny in real-time.
Approved endpoints persist for the current session only. They are not written back to the baseline policy file. For permanent additions, edit openclaw-sandbox.yaml directly.

We set this up for a client running backend development agents. Within the first hour, the TUI caught three unexpected outbound connection attempts. Two were legitimate (npm registry, GitHub API). One was a skill trying to phone home to an unknown server. The TUI blocked it instantly.
Understanding the Four Security Layers
Before configuring policies, understand what NemoClaw protects you from. Four isolation layers run at the kernel level. The agent cannot override any of them.
Network layer. Blocks all outbound connections except hosts you explicitly allow. Hot-reloadable. Change rules without restarting the sandbox.
Filesystem layer. The agent can only write to /sandbox and /tmp. System paths are read-only. Locked at creation. Cannot be changed on a running sandbox.
Process layer. Blocks privilege escalation and dangerous syscalls using Landlock, seccomp, and network namespaces. Locked at creation.
Inference layer. All LLM API calls route through the OpenShell gateway. The agent never holds API keys directly. Hot-reloadable.
These constraints are out-of-process. They exist in the environment, not in the agent. Even if the agent is compromised through prompt injection or a malicious skill, the sandbox holds. This is the fundamental difference between NemoClaw and running AI agents with application-level guardrails.
Configuring Security Policies
Policies live in openclaw-sandbox.yaml. They control two things: network egress (which hosts the agent can reach) and filesystem access (which directories it can write to).
Network rules are hot-reloadable. You can change them without restarting the sandbox. Filesystem rules are locked at creation. You cannot remove filesystem restrictions on a running sandbox.
NemoClaw ships with presets:
- pypi allows access to the Python Package Index
- npm allows access to the npm registry
Manage presets with:
nemoclaw my-assistant policy-add
nemoclaw my-assistant policy-list
For custom policies, define which endpoints your agents can reach, which directories they can write to, and which inference backends they should use. Version these files in git. Review them like code.
Switching LLM Models
NemoClaw defaults to Nemotron 3 Super 120B through NVIDIA cloud. You can switch models at runtime without restarting.
| Model | Context Window | Max Output |
|---|---|---|
| nvidia/nemotron-3-super-120b-a12b | 131,072 | 8,192 |
| nvidia/llama-3.1-nemotron-ultra-253b-v1 | 131,072 | 4,096 |
| nvidia/llama-3.3-nemotron-super-49b-v1.5 | 131,072 | 4,096 |
| nvidia/nemotron-3-nano-30b-a3b | 131,072 | 4,096 |
Switch to a different NVIDIA model:
openshell inference set --provider nvidia-nim --model nvidia/llama-3.1-nemotron-ultra-253b-v1
Switch to local Ollama:
openshell inference set --provider ollama-local --model nemotron-3-super:120b
Verify the current model:
openshell inference get
Local inference with Ollama requires about 87 GB of disk space for the Nemotron 3 Super 120B model. You need to install Ollama first:
curl -fsSL https://ollama.com/install.sh | sh
Pull the model:
ollama pull nemotron-3-super:120b
Configure Ollama to listen on all interfaces so containers can access it:
sudo systemctl edit ollama.service
Add Environment="OLLAMA_HOST=0.0.0.0" and restart the service. Local inference keeps all data on your machine. Nothing goes to the cloud. For teams handling sensitive data in regulated markets like Singapore, this is often a compliance requirement.
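Setting OLLAMA_HOST=0.0.0.0 makes Ollama accept connections on every interface of the host, not only the one containers use, so it is worth confirming what is actually listening. This added example (not from the NemoClaw or Ollama docs) classifies `ss -ltn` output for Ollama's default port 11434; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners on the Ollama port from `ss -ltn`.

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 *:11434 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 172.17.0.1:11434 0.0.0.0:*'

# classify_listeners [PORT]
#   Reads `ss -ltn` output on stdin and prints one line per listener on
#   PORT: "all-interfaces", "loopback" or "single-address" plus the socket.
classify_listeners() {
    port=${1:-11434}
    awk -v port="$port" '
        $1 != "LISTEN" { next }
        {
            addr = $4
            suffix = ":" port
            # keep only sockets whose local address ends in :<port>
            if (length(addr) <= length(suffix)) next
            if (substr(addr, length(addr) - length(suffix) + 1) != suffix) next
            host = substr(addr, 1, length(addr) - length(suffix))
            if (host == "0.0.0.0" || host == "*" || host == "[::]")
                print "all-interfaces " addr
            else if (host ~ /^127\./ || host == "[::1]")
                print "loopback " addr
            else
                print "single-address " addr
        }'
}

# ollama_exposed [PORT]
#   Exit status 0 if any listener on PORT is bound to all interfaces.
ollama_exposed() {
    classify_listeners "${1:-11434}" | grep -q '^all-interfaces '
}

# Live usage on the host:
#   ss -ltn | classify_listeners
#   ss -ltn | ollama_exposed && echo "restrict port 11434 with a host firewall"
```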
Remote Deployment with Brev (Experimental)
If you do not have a Linux machine, you can deploy NemoClaw to a cloud GPU instance through Brev, NVIDIA’s cloud platform.
nemoclaw deploy my-remote-assistant
This command does a lot. It creates a Brev GPU VM instance, installs Docker and the NVIDIA Container Toolkit, installs OpenShell, runs the full setup (gateway, providers, sandbox), and starts auxiliary services like a Telegram bridge and cloudflared tunnel for external access.
The default GPU is an A100. Change it with:
export NEMOCLAW_GPU="a2-highgpu-1g:nvidia-tesla-a100:2"
Monitor the remote sandbox:
ssh my-remote-assistant 'cd /home/ubuntu/nemoclaw && set -a && . .env && set +a && openshell term'
One caveat. The gateway does not survive instance reboots. If you stop and start the Brev instance, run nemoclaw deploy my-remote-assistant again to reconnect.
Brev also offers a “Try for free” option on build.nvidia.com. It redirects to a Launchable dashboard where you can spin up a pre-configured NemoClaw environment. No local setup needed at all. Good for evaluation before committing to a full installation.
For teams with dedicated hardware, Dell ships the GB300 Desktop with NemoClaw and OpenShell preinstalled. 20 petaFLOPS of FP4 performance. 748 GB coherent memory. It is the first OEM hardware built specifically for running autonomous agents securely.
Common Errors and Fixes
NemoClaw is alpha software. Here are the issues people hit most often.
| Error | Cause | Fix |
|---|---|---|
| Process killed (exit code 137) | OOM during image build. Docker + k3s + gateway exceed 8 GB. | Add 8 GB swap or use pre-built image |
| “Docker is not running” (Fedora) | Permission error, not a stopped daemon | sudo usermod -aG docker $USER && newgrp docker |
| “Failed to start ContainerManager” | Missing cgroup v2 host namespace | Add "default-cgroupns-mode": "host" to daemon.json |
| “sandbox not found” after creation | Race condition. Sandbox registered before ready. | Wait 30 seconds and retry. PR #229 fixes this. |
| Policy set fails at step 7 | Unquoted sandbox name in shell command | Fixed in PR #49 and PR #90. Update to latest. |
| nemoclaw: command not found | Node version conflict with nvm | nvm alias default 22 |
| WSL2 GPU not detected | OpenShell cannot detect GPUs on WSL2 | openshell gateway start --gpu manually |
For diagnosing any issue, these commands help:
- nemoclaw my-assistant status for NemoClaw-level health
- openshell sandbox list for sandbox state
- openclaw nemoclaw status --json for programmatic output
- journalctl -k | grep -i "oom\|killed" for OOM kills
One of our DevOps engineers hit the OOM issue on an 8 GB cloud VM. Adding 8 GB swap and using the pre-built sandbox image solved it immediately. Total time from broken to working: 5 minutes.
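The journalctl grep above also matches lines that are not kills (oom-killer invocations, oom_reaper messages). This added example, which is not part of NemoClaw, reduces kernel log lines to one line per killed process and marks whether a cgroup memory limit or host-wide memory exhaustion triggered it; the function name oom_victims and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise OOM kills from `journalctl -k` output.

# Constructed kernel log lines in the standard OOM message format.
SAMPLE_KLOG='Mar 18 10:02:10 host kernel: node invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
Mar 18 10:02:11 host kernel: Out of memory: Killed process 41872 (node) total-vm:3120840kB, anon-rss:2097152kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:5120kB oom_score_adj:0
Mar 18 10:02:12 host kernel: oom_reaper: reaped process 41872 (node), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
Mar 18 10:07:40 host kernel: Memory cgroup out of memory: Killed process 42010 (python3) total-vm:901120kB, anon-rss:524288kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:1100kB oom_score_adj:0'

# oom_victims
#   Reads kernel log lines on stdin. For each "Killed process" line prints:
#     <scope> <command> pid=<pid> anon_rss_mb=<MiB>
#   scope is "cgroup-limit" when a container/cgroup memory limit was hit,
#   "host-wide" when the whole machine ran out of memory.
oom_victims() {
    awk '
        /Killed process [0-9]+ \(/ {
            scope = ($0 ~ /Memory cgroup out of memory/) ? "cgroup-limit" : "host-wide"
            line = $0
            sub(/.*Killed process /, "", line)   # "41872 (node) total-vm:..."
            pid = line
            sub(/ .*/, "", pid)
            comm = line
            sub(/^[0-9]+ \(/, "", comm)
            sub(/\).*/, "", comm)
            if (line !~ /anon-rss:[0-9]+kB/) next
            rss = line
            sub(/.*anon-rss:/, "", rss)
            sub(/kB.*/, "", rss)
            printf "%s %s pid=%s anon_rss_mb=%d\n", scope, comm, pid, rss / 1024
        }'
}

# Live usage on the host:
#   journalctl -k | oom_victims
```

A host-wide kill points at the swap or RAM fix from the table; a cgroup-limit kill means a container memory limit was reached and adding swap alone may not help.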
Supported Platforms
NemoClaw officially supports Ubuntu 22.04 LTS and later. But people are running it on other platforms with varying success.
| Platform | Status | Notes |
|---|---|---|
| Ubuntu 22.04+ (x86_64) | Fully supported | Primary development target |
| DGX Spark (aarch64) | Fully supported | Needs cgroup fix. Use nemoclaw setup-spark |
| DGX Station | Fully supported | Dedicated guide on build.nvidia.com |
| Fedora / RHEL | Works with fixes | Docker permission issue causes false “not running” error |
| WSL2 (Windows) | Experimental | GPU detection fails. Manual --gpu flag needed |
| macOS / Apple Silicon | Partial | Local inference broken. inference.local not added to /etc/hosts in sandbox |
If you are on Windows, WSL2 is your best bet. Install Ubuntu 22.04 through WSL2 and follow the standard Linux instructions. GPU passthrough works in Docker but OpenShell has trouble detecting it. Run openshell gateway start --gpu manually to force GPU allocation.
For macOS users, watch GitHub issue #260 for Apple Silicon progress. Cloud deployment through Brev is the better option for now.
Cleanup and Uninstall
If you need to start over or remove NemoClaw:
- openshell sandbox delete my-assistant removes the sandbox
- openshell gateway destroy -g nemoclaw stops the gateway
- sudo npm uninstall -g nemoclaw removes the CLI
- rm -rf ~/.nemoclaw removes credentials and config
Key File Paths
| Path | Purpose |
|---|---|
| ~/.nemoclaw/credentials.json | Your NVIDIA API key |
| /etc/docker/daemon.json | Docker cgroup configuration |
| openclaw-sandbox.yaml | Network and filesystem policy |
| blueprint.yaml | Version metadata and inference profiles |
| /sandbox/ | Writable agent workspace inside sandbox |
| /tmp/ | Writable temp directory inside sandbox |
What to Do After Setup
Once your first sandbox is running, here is what to do next.
- Write your policies. Define which hosts your agent can reach. Start strict. Loosen as needed.
- Run the approval TUI. Keep openshell term open in a separate terminal. Watch what your agent tries to access.
- Test with simple tasks first. Ask the agent to write a file or make an API call. Verify the sandbox contains it.
- Check the audit trail. See every allow/deny decision. This is what compliance teams care about.
- Try model switching. Test different Nemotron models for your workload. Smaller models are faster and cheaper for simple tasks.
We helped a full-stack team in Southeast Asia set up OpenClaw for automated code review. Their first policy was simple. Allow GitHub API, npm registry, and their private GitLab instance. Block everything else. Within a week, they expanded the policy to include their CI/CD endpoints. The incremental approach worked well. Start locked down. Open up based on real needs.
NVIDIA also provides a guided walkthrough script if you prefer a hands-on tutorial. It requires tmux and your API key:
./scripts/walkthrough.sh
For hardware-specific guides, check the DGX Spark guide or the DGX Station guide on build.nvidia.com.
NemoClaw is alpha. Features will change. But the security architecture is solid. Getting familiar with it now means you are ready when it hits production status.