explaingit

nvidia/nemoclaw

📈 Trending20,514TypeScriptAudience · developerComplexity · 4/5ActiveLicenseSetup · hard

TLDR

A secure sandbox for running autonomous AI agents locally, with Linux kernel-level isolation to prevent agents from accessing your files or network without permission.

Mindmap

mindmap
  root((NemoClaw))
    What it does
      Sandboxes AI agents
      Restricts file access
      Isolates network
    How it works
      OpenShell runtime
      Landlock restrictions
      Seccomp filtering
    Setup and use
      One-command install
      Terminal interface
      Model routing
    Tech stack
      Node.js runtime
      Docker containers
      Linux kernel tools
    Use cases
      Local agent testing
      Autonomous workflows
      Safe experimentation

Things people build with this

USE CASE 1

Run autonomous AI agents on your local machine without them accessing files or network outside a sandbox.

USE CASE 2

Test and experiment with always-on AI assistants that can take actions on your behalf safely.

USE CASE 3

Route AI queries to the cheapest capable model automatically instead of always using expensive large models.

USE CASE 4

Set up a secure autonomous agent workflow with guided installation and terminal-based interaction.

Tech stack

TypeScriptNode.jsDockerLinuxLandlockseccomp

Getting it running

Difficulty · hard Time to first run · 1h+

Requires Linux kernel with Landlock support, Docker, and understanding of seccomp/security policies to configure properly.

Use freely for any purpose including commercial. Keep the notice and disclose changes to the patent grant.

In plain English

NVIDIA NemoClaw is an open-source reference stack, essentially a pre-configured setup guide and toolset, for running OpenClaw AI assistants in a more secure and controlled way. OpenClaw is a type of always-on autonomous AI agent, meaning it can run continuously in the background and take actions on your behalf. NemoClaw wraps OpenClaw inside NVIDIA's OpenShell runtime, which adds a protective sandbox around the agent so it cannot freely access your system or network in unintended ways. The core problem NemoClaw solves is that running autonomous AI agents on your own hardware is risky if the agent has unconstrained access to your files, network, and processes. NemoClaw addresses this by applying Linux kernel-level security techniques (Landlock filesystem restrictions, seccomp system-call filtering, and network namespace isolation) to confine the agent. It also handles guided setup, state management, secure messaging between the agent and the outside world, and routing of AI inference requests, either to NVIDIA's hosted model endpoints or to a local model served via Ollama. Installation is a single curl command that runs a setup wizard, after which you interact with the agent through a terminal interface or command-line messages. An experimental model router feature automatically picks the cheapest AI model capable of handling each query, rather than sending everything to a large expensive model. NemoClaw is intended for developers and researchers who want to experiment with autonomous AI agents locally without giving those agents free rein over their machine. It requires Node.js 22+, Docker, and runs on Linux, macOS (Apple Silicon), and Windows via WSL2. The project was in early alpha as of early 2026.

Copy-paste prompts

Prompt 1
How do I install NemoClaw and set up my first autonomous AI agent using the curl command?
Prompt 2
Show me how to configure NemoClaw to use local Ollama models instead of NVIDIA's hosted endpoints.
Prompt 3
How does NemoClaw's model router work to automatically pick the cheapest model for each query?
Prompt 4
What Linux security features does NemoClaw use to sandbox the AI agent, and how do I verify the restrictions are working?
Prompt 5
How do I send messages to a running NemoClaw agent from the command line and see its responses?
Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.