FrontierNews.ai

NVIDIA's NemoClaw Brings Safer AI Agents to Local Machines: Here's What Developers Need to Know

NVIDIA has released NemoClaw, an open-source reference stack designed to help developers run AI agents more safely on local machines by combining sandboxed execution, network controls, and local inference. The toolkit simplifies deployment of always-on AI assistants while addressing a critical gap in the agent ecosystem: how to run autonomous systems without exposing sensitive data or allowing unintended actions.

What Problem Does NemoClaw Actually Solve?

AI agents are becoming more powerful, but they're also becoming riskier. When an agent can access your filesystem, connect to external services, or execute commands, the potential for data leakage, malicious code execution, or unintended modifications grows significantly. NemoClaw tackles this by wrapping agents in OpenShell, NVIDIA's runtime environment designed specifically for executing agents with additional security guardrails.

The toolkit addresses several concrete risks that developers face when deploying agents. These include data leakage if an agent accesses materials that could be exposed or stolen, malicious code execution through connected tools or services, unintended actions like file modifications or unauthorized message sending, and prompt injection attacks where external inputs hijack agent behavior.

How to Set Up NemoClaw on Your Local System

  • Installation: A single command (nemoclaw.sh) handles installation of Node.js, OpenShell, and the NemoClaw command-line interface, with no manual cloning required.
  • Onboarding: An interactive wizard guides you through creating a sandboxed agent with recommended security settings, optional web search via Brave Search API, and optional messaging channels like Telegram, Discord, or Slack.
  • Local Inference: The toolkit connects your agent to Ollama, a local inference engine, so model API calls stay on your machine rather than routing to external cloud services.
  • Policy Configuration: You define network presets and filesystem access rules at sandbox creation, controlling exactly what your agent can and cannot do.
  • Access Options: Once running, you interact with your agent through either a web user interface or a terminal-based text interface.

The entire setup process takes roughly 30 to 60 minutes for a first-time installation, depending on which optional features you enable and your network speed for downloading the local language model.

What Security Controls Does NemoClaw Actually Provide?

NemoClaw implements four layers of protection that address different attack surfaces. Filesystem controls prevent reads and writes outside allowed paths, locked in place when the sandbox is created. Network controls block unauthorized outbound connections and can be reloaded at runtime if you need to adjust permissions. Process controls block privilege escalation and dangerous system calls, also locked at sandbox creation. Inference controls reroute model API calls to controlled backends, allowing you to swap between local and remote inference without changing your agent code.
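A simplified policy model of the four layers just described (and of the sandbox-creation policy step in the setup list), added here as an illustration; it is not NemoClaw's or OpenShell's own code or configuration format, and the workspace path, host names, syscall names and backend URL are constructed sample values (11434 is Ollama's default port).

```python
import os
from pathlib import PurePosixPath
from urllib.parse import urlparse


class SandboxPolicy:
    """Hypothetical model of the four control layers: filesystem and process
    rules are fixed at creation, network rules can be reloaded at runtime, and
    inference calls are rerouted to a controlled backend (a local Ollama here)."""

    def __init__(self, allowed_paths, allowed_hosts, denied_syscalls, inference_backend):
        # Locked at sandbox creation: kept in immutable collections.
        self._allowed_paths = tuple(PurePosixPath(os.path.normpath(p)) for p in allowed_paths)
        self._denied_syscalls = frozenset(denied_syscalls)
        # Reloadable at runtime.
        self._allowed_hosts = frozenset(allowed_hosts)
        # Swappable backend; the agent keeps using the URL it was written for.
        self._inference_backend = inference_backend.rstrip("/")

    def reload(self, layer, value):
        """Apply a runtime policy change. Only the network layer accepts one;
        filesystem and process rules refuse, mirroring the locked-at-creation rule."""
        if layer != "network":
            return False
        self._allowed_hosts = frozenset(value)
        return True

    def file_allowed(self, path):
        # Normalise '..' segments before comparing, so a traversal such as
        # allowed/../../etc/passwd is judged by where it really points.
        # A real enforcer must also resolve symlinks, which this model skips.
        target = PurePosixPath(os.path.normpath(path))
        return any(target == root or root in target.parents for root in self._allowed_paths)

    def connect_allowed(self, host):
        return host in self._allowed_hosts

    def syscall_allowed(self, name):
        return name not in self._denied_syscalls

    def route_inference(self, requested_url):
        # Keep the API path the agent asked for, replace only the destination.
        return self._inference_backend + urlparse(requested_url).path


# Constructed sample policy: one workspace, one search host, a local Ollama backend.
SAMPLE = SandboxPolicy(
    allowed_paths=["/workspace/agent"],
    allowed_hosts=["api.search.brave.com"],
    denied_syscalls=["ptrace", "mount", "setuid"],
    inference_backend="http://127.0.0.1:11434",
)
```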

These controls are not foolproof. NVIDIA explicitly states that this is a demonstration, not a production-ready solution, and that users accept full responsibility for any third-party components, data, accounts, and tools they connect. The toolkit is designed for clean environments without sensitive data or confidential information.

What Are the Real Risks You Should Know About?

Running any AI agent carries inherent risks, even with sandboxing. NVIDIA identifies several scenarios that developers must account for. Data leakage can occur if the agent accesses materials that are then exposed, leaked, or stolen through connected services. Malicious code execution is possible if the agent or its connected tools expose your system to cyber-attacks. Unintended actions might include file modifications, deletions, or unauthorized message sending. Prompt injection and manipulation can occur when external inputs or connected content hijack agent behavior in unexpected ways.

The risk level for running NemoClaw is classified as medium. Isolation reduces risks but does not eliminate them entirely. NVIDIA recommends using a fresh device or virtual machine with no personal data, confidential information, or sensitive credentials, treating the environment like a true sandbox.

Who Should Actually Use NemoClaw?

NemoClaw is designed for developers and AI engineers who want to experiment with agents locally before deploying them to production environments. You'll need basic familiarity with Linux terminal commands, SSH access, and Docker permissions. The toolkit requires a DGX Spark (GB10) with keyboard and monitor or SSH access, running a fresh installation of DGX OS with the latest updates. Docker 28.x or later is required.

If you want to enable optional features like Telegram integration, you'll need a Telegram bot token created through @BotFather. For web search capabilities, you'll need a Brave Search API key. These are optional; the core agent functionality works without them.

The toolkit represents NVIDIA's effort to address a growing concern in the AI agent ecosystem: how to let developers safely experiment with autonomous systems without creating security nightmares. By combining local inference, sandboxed execution, and granular policy controls, NemoClaw offers a middle ground between unrestricted agent deployment and the complexity of full enterprise security infrastructure.