How to Use NemoClaw for OpenClaw Security: Complete Step by Step Guide
By Braincuber Team
Published on April 21, 2026
OpenClaw is arguably the most popular agentic tool in 2026. It also has a serious security problem that enterprises and individuals cannot afford to ignore: the agent is normally given broad, largely unrestricted access to the machine it runs on, and any autonomous agent with that much reach can do real damage, whether through a bad decision, a prompt injection, or a compromised dependency. NVIDIA saw this as an opportunity and built a solution called NemoClaw. This tutorial shows you what NemoClaw is, how it works, and how to deploy it for secure AI agent workflows.
What You'll Learn:
- What NemoClaw is and how it secures OpenClaw
- How OpenShell runtime provides sandboxed execution
- Enterprise-grade security features and policy enforcement
- Human-in-the-loop approvals for agent actions
- Privacy routing and local AI model deployment
- Limitations and future outlook for NemoClaw
What Is NemoClaw?
NemoClaw is a secure runtime layer that sits on top of OpenClaw and controls what the agent is allowed to do. The agent can still write code, browse the web, and manage files, but each of those actions now passes through policy checks enforced by NVIDIA's OpenShell runtime.
OpenShell provides a sandboxed execution environment that protects your data and infrastructure using policies defined in YAML files. The policies deny network activity, file access, and data exfiltration that you have not explicitly allowed. So if a compromised dependency such as a tampered release of the LiteLLM Python library tries to harvest your credentials, the policy blocks its reads of files outside the sandbox and blocks outbound connections to hosts that are not on the allowlist, which removes the two things a credential stealer needs. No sandbox is a guarantee, but the attack has to defeat the runtime rather than simply run.
NemoClaw Key Features and Capabilities
Let's explore the enterprise-grade security features that make NemoClaw a powerful security layer for OpenClaw deployments.
Enterprise-Grade Security
With OpenShell, every action the agent attempts is checked against the active policy. If a command is not allowed, it is blocked and surfaced for manual approval before it can execute.
Hybrid Deployment
NemoClaw allows you to choose between using a local model and API-based cloud providers such as OpenAI and Anthropic.
NVIDIA Nemotron Integration
NemoClaw natively integrates with NVIDIA's Nemotron 3 Super model, a mixture-of-experts model with roughly 120B total parameters and about 12B active per token (which is why you will see it described with both numbers). You can use it for free through NVIDIA's hosted API with an NVIDIA API key.
Policy-Driven Guardrails
Policies are defined in YAML files, which you can edit to adjust or add new policies for your specific security requirements.
The OpenShell Runtime
NemoClaw uses the OpenShell runtime to provide comprehensive security for your AI agent deployments. This is the key difference between running OpenClaw bare and using NemoClaw.
| Security Feature | Description |
|---|---|
| Network Blocking | Blocks network connections that the policy does not allow. This does not stop prompt injection as such, but it limits which sites the agent can reach and prevents an injected instruction from calling home to an arbitrary host |
| File System Restrictions | Restricts reads and writes to the sandbox environment only |
| Outbound Connection Control | Denies all outbound connections except those explicitly allowed |
| Privilege Escalation Prevention | Prevents the agent from granting itself permissions beyond those it was given, including changes to the policy that governs it |
You can get part of the way there by running OpenClaw inside a Docker container, but a container is only as tight as the flags you start it with: the default is a shared host kernel, unrestricted outbound networking, and whatever host paths or credentials you happened to mount. NemoClaw's approach is deny-by-default at the policy level, and it adds the option to approve individual requests manually instead of choosing between "everything" and "nothing".
Human-in-the-Loop Approvals
With NemoClaw, you have to manually approve any request that is not already allowed by the policy. This is a critical security feature for enterprise deployments.
Example: Network Request
When OpenClaw tries to ping an endpoint that is not allowed, OpenShell will block the request and provide a prompt on the terminal for you to approve or deny the action.
Privacy Routing and Local AI
When setting up NemoClaw, you get the option to run Nemotron 3 Super locally or to use it through NVIDIA's hosted API. Either way the model itself costs nothing; running it locally requires enough GPU memory for a 120B mixture-of-experts model.
Local Models for Healthcare
Local models are a strong selling point for industries with strict privacy concerns, such as healthcare, where data cannot leave the premises.
Like OpenClaw, NemoClaw is model agnostic, meaning you can use it with any of the supported local or API-based providers. This gives you flexibility in choosing the right model for your use case while maintaining security.
Policy Configuration
By default, NemoClaw ships with strict policies: file access, outbound connections, and privilege changes are denied unless the policy allows them, which is what keeps the agent from running destructive commands against your host or leaking sensitive data. These policies are defined in YAML files.
Edit Policy YAML Files
Policies are defined in YAML files, which you can edit to adjust or add policies. When an action is blocked at runtime and you approve it at the prompt, that approval only lasts for the current session.
Make Permanent Policy Changes
To make a policy change permanent, you will have to edit the policies YAML file directly. Session-based approvals are temporary and will reset.
Choose Security Presets
NemoClaw allows you to choose some policies via the provided presets when setting up. Select the preset that best fits your security requirements.
NemoClaw Limitations and Caveats
While NemoClaw provides enterprise-grade security, it has some limitations you should be aware of before deploying.
| Limitation | Description |
|---|---|
| Early-Stage Alpha | NemoClaw is not ready for production. APIs may change with breaking changes. |
| Limited OS Support | Only Linux is fully supported at the moment |
| Hardware Requirements | Running Nemotron or other open-source models locally requires significant GPU resources |
| Restrictive Policies | For everyday users, security policies can be too restrictive for simple tasks |
NemoClaw vs OpenClaw Security
SecurityScorecard's research from February 2026 found tens of thousands of OpenClaw instances exposed to the internet. That finding underlines the need for a secure, constrained way of setting up OpenClaw.
LiteLLM Example
When the LiteLLM Python package was compromised, thousands of users were exposed, because the malicious code ran with whatever access the importing process had. Under NemoClaw, the same code would run inside a sandbox whose policy limits which folders it can read and which hosts it can reach, so the two steps a credential stealer depends on, reading secrets from the host and sending them out, are both denied unless you have allowlisted them.
The security layer that NemoClaw gets from OpenShell ensures that your agent performs only the actions your defined policies allow, and everything else either stops at the approval prompt or is denied outright.
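To make the deny-by-default model in the policy and approval sections concrete, and to walk through the LiteLLM scenario above, here is a small policy gate written for this article in Python. It is not NemoClaw or OpenShell code: the policy dictionary mirrors the shape a YAML policy file might have, but its keys (`filesystem.read`, `filesystem.write`, `network.connect`) are a hypothetical schema, the `Action` type and `PolicyGate` class are invented for the example, and the approver callback stands in for the terminal prompt. Paths, hosts, and the credential-stealer actions are constructed sample input.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Callable

# Constructed policy. The nesting mirrors what a YAML policy file would hold,
# but the keys are a hypothetical schema for this example, not NemoClaw's format.
POLICY = {
    "filesystem": {
        "read": ["/workspace"],       # directory roots the agent may read
        "write": ["/workspace/out"],  # directory roots the agent may write
    },
    "network": {
        # Exact hosts or fnmatch patterns the agent may connect to.
        "connect": ["api.openai.com", "integrate.api.nvidia.com", "*.anthropic.com"],
    },
}


@dataclass(frozen=True)
class Action:
    kind: str    # "read", "write" or "connect"
    target: str  # filesystem path, or host[:port]


class PolicyGate:
    """Deny-by-default gate; anything not in policy goes to a human approver."""

    def __init__(self, policy: dict, approver: Callable[[Action], bool]):
        self.policy = policy
        self.approver = approver
        self.session_allow: set[Action] = set()  # approvals for this session only

    @staticmethod
    def _path_allowed(path: str, roots: list[str]) -> bool:
        # Collapse "." and ".." first, so "/workspace/../home/x" cannot slip
        # past a plain prefix check. Relative paths never match absolute roots.
        norm = posixpath.normpath(path)
        return any(norm == r or norm.startswith(r.rstrip("/") + "/") for r in roots)

    def _policy_allows(self, a: Action) -> bool:
        if a.kind in ("read", "write"):
            return self._path_allowed(a.target, self.policy["filesystem"][a.kind])
        if a.kind == "connect":
            host = a.target.rsplit(":", 1)[0].lower()
            return any(fnmatch(host, pat) for pat in self.policy["network"]["connect"])
        return False  # unknown action kinds are denied, not silently ignored

    def check(self, a: Action) -> str:
        """Return 'allow', 'approved' (human said yes this session) or 'deny'."""
        if self._policy_allows(a) or a in self.session_allow:
            return "allow"
        if self.approver(a):            # the out-of-band prompt, simulated
            self.session_allow.add(a)   # remembered only until the session ends
            return "approved"
        return "deny"


def scripted_approver(approve: set[Action]) -> Callable[[Action], bool]:
    """Stand-in for the terminal prompt: approve only the listed actions."""
    return lambda a: a in approve


def run_demo() -> dict[str, str]:
    db = Action("connect", "10.0.0.5:5432")  # internal DB the operator is willing to allow once
    gate = PolicyGate(POLICY, scripted_approver({db}))
    return {
        # Ordinary agent work inside the sandbox root.
        "read_workspace": gate.check(Action("read", "/workspace/src/app.py")),
        "write_out": gate.check(Action("write", "/workspace/out/report.md")),
        "write_src": gate.check(Action("write", "/workspace/src/app.py")),
        # What a credential stealer in a compromised dependency would attempt.
        "steal_aws": gate.check(Action("read", "/home/dev/.aws/credentials")),
        "traversal": gate.check(Action("read", "/workspace/../home/dev/.aws/credentials")),
        "exfil": gate.check(Action("connect", "paste.evil-example.test:443")),
        # Allowlisted model providers keep working.
        "openai": gate.check(Action("connect", "api.openai.com:443")),
        "anthropic": gate.check(Action("connect", "api.anthropic.com:443")),
        # Privilege escalation: rewriting the policy is just a write outside the roots.
        "edit_policy": gate.check(Action("write", "/etc/nemoclaw/policy.yaml")),
        # Human-in-the-loop: first hit prompts, the repeat reuses the session approval.
        "db_first": gate.check(db),
        "db_again": gate.check(db),
        # A fresh session starts with an empty approval set; only the policy persists.
        "db_new_session": PolicyGate(POLICY, lambda a: False).check(db),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:16} {verdict}")
```

Two design points carry over to the real thing. First, the gate holds the policy and the approval set itself, so the agent cannot widen its own permissions by editing a file it can reach; in OpenShell that separation is enforced out-of-process rather than by a Python object. Second, `db_new_session` shows why a session approval is not a policy change: if you want the internal database reachable every time, the host has to go into the YAML file, not into the prompt.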
Future Outlook
During NVIDIA's GTC keynote, Jensen Huang compared OpenClaw to Linux, stating that OpenClaw achieved in a few weeks what Linux did in 30 years. Every company should have an OpenClaw strategy.
If every company needs an agentic computing strategy, the potential for OpenClaw is huge, and so are the security challenges that come with it. NemoClaw will therefore likely evolve into a product that ordinary users, not just businesses, can use to secure their installations.
Future Accessibility
That would let people run OpenClaw comfortably on their personal computers without dedicating a separate machine to contain the damage an agent could do to their main one.
Frequently Asked Questions
What is NemoClaw and how does it relate to OpenClaw?
NemoClaw is NVIDIA's open-source security and governance layer built on top of OpenClaw. It does not replace OpenClaw but makes OpenClaw more secure.
Does NemoClaw require NVIDIA hardware to run?
No. The NemoClaw runtime and its policy enforcement do not depend on NVIDIA hardware, and you can point it at an API-based model provider. Running Nemotron locally is where an NVIDIA GPU matters; NVIDIA positions RTX PCs, DGX Station, and DGX Spark systems as the platforms for that.
How does NemoClaw handle security at the agent level?
Policy enforcement runs out-of-process; it executes outside the agent's address space, in a separate process that the agent cannot access, modify, or terminate.
What models does NemoClaw support?
NemoClaw lets you run open-source models such as NVIDIA's Nemotron locally on your own system, or use API-based providers like OpenAI and Anthropic.
Is NemoClaw ready for production use?
Not yet. NemoClaw is available in early preview starting March 2026. The software is not production-ready.
Need Help Securing Your AI Agents?
Our experts can help you configure NemoClaw, set up OpenShell policies, and implement enterprise-grade security for your OpenClaw deployments.
