NemoClaw is an early preview reference stack from NVIDIA that wraps an agent runtime with guided onboarding, a hardened blueprint, state management, OpenShell managed channel messaging, routed inference, and layered protections. The project is explicitly alpha preview, meant for experimentation and feedback rather than production use.
What caught my attention is that NVIDIA is publishing an open reference stack to harden agent deployments. NemoClaw installs the NVIDIA OpenShell runtime and a set of management components that gate agent capabilities, log actions, and provide a reproducible blueprint lifecycle. If you are looking into safer agent deployments, you might also explore how Hermes Agent runs as a persistent terminal AI assistant — another reference for agent runtime patterns.
How It Works
The architecture emphasizes explicit capability grants, per-step auditability, and a hardened default posture to reduce the risk of an agent silently accessing files, tokens, or network resources.
git clone https://github.com/NVIDIA/NemoClaw.git cd NemoClaw # read OVERVIEW.md and the Architecture docs for deployment notes
| Feature | What It Provides |
|---|---|
| Guided onboarding | Opinionated setup to reduce misconfiguration |
| Hardened blueprint | Reproducible runtime templates for agents |
| State management | Explicit lifecycle for agent runs and snapshots |
| OpenShell runtime | Sandbox and channel mediation by NVIDIA |
| Routed inference | Control over where heavy inference runs occur |
Key Architecture Properties
- Deny by default — No capabilities are granted until explicitly configured
- Per-step audit — Every agent action is logged for review
- Reproducible blueprints — Runtime templates ensure consistent deployments
- OpenShell mediation — Channel messaging is managed through the NVIDIA runtime
For a different take on running agent software on accessible hardware, check out Hermes Agent Desktop as a native Windows AI agent — another approach to agent deployment outside the cloud.
What the Community Says
“The sandbox approach definitely makes sense for hardware independence, even if the market impact on nvidia is still a ways off.” — u/BuildWithRiikkk
“The ‘deny all by default’ sandbox posture is a good instinct, in enterprise the scary part isn’t just the model choice, it’s the agent getting ambient access to files/tokens/network.” — u/Original-Fennel7994
Try It and Evaluate
- Clone the repo and read the Overview and Architecture sections.
- Run a staging deployment, enable extensive logging, and validate that capability grants are explicit and auditable.
Do not run alpha software in production without containment. NemoClaw is a reference scaffold intended to inform secure deployments, not replace your own security review.
Project link:
https://github.com/NVIDIA/NemoClaw
- How to Give AI Agents Long-Term Memory with MemPalace
MemPalace is an open-source memory architecture for AI systems that organizes long-term context using spatial geometries inspired by the ancient..
- How to Connect AI Agents to Google Workspace
Google Workspace CLI is an open‑source tool that gives AI agents programmatic access to Drive, Gmail, Calendar, Sheets, Docs, and..
- How to Orchestrate AI Teams for Software Development with Gstack
Gstack is an open-source AI orchestration framework created by Y Combinator CEO Garry Tan. It transforms Claude Code into a..
- Skales: AI Desktop Assistant Without Docker or Complexity
Skales is a native desktop AI assistant that runs without Docker, containers, or complex setup. It’s designed for non-technical users..
