NemoClaw Setup Guide 2026: How to Install NVIDIA's Open-Source AI Agent Stack

NemoClaw is an open-source reference stack built and maintained by NVIDIA. It provides:

• A secure agent runtime built on NVIDIA's OpenShell, using Landlock, seccomp, and network namespace sandboxing
• Nemotron model support — including Nemotron 3 Super 120B, NVIDIA's flagship open-weight model
• Flexible inference — run models locally via Ollama or route requests to NVIDIA's cloud Endpoint API
• Privacy router — intelligently mix local and cloud models based on data sensitivity
• Policy presets for common platforms: Discord, Slack, Telegram, npm, PyPI, Docker, and others
• Four security layers: Network, Filesystem, Process, and Inference — all policy-controlled

When combined with OpenClaw, NemoClaw provides the secure execution layer that enterprise teams need when deploying AI agents on sensitive workloads.

System Requirements

Before installing NemoClaw, confirm your system meets the minimum requirements:

Supported operating systems:

• Linux: Ubuntu 22.04 or newer (recommended)
• macOS: Apple Silicon (M1/M2/M3) via Docker Desktop
• Windows: WSL (Windows Subsystem for Linux)

Required software:

• Docker (latest stable)
• Node.js 20+
• curl

For local inference with Nemotron models, you'll need significantly more resources — at least 16 GB RAM and a capable GPU is recommended for the larger Nemotron variants. If you're using NVIDIA's cloud Endpoint API for inference, the base requirements above are sufficient.

Installation

NemoClaw installs with a single command:

curl -fsSL https://nvidia.com/nemoclaw.sh | bash

The install script will:

1. Check your system for Docker and Node.js 20+
2. Pull the NemoClaw container images
3. Initialize the OpenShell security runtime
4. Set up default security policies
5. Configure the local agent workspace

Inference Configuration: Local vs Cloud

One of NemoClaw's key design decisions is its flexibility around model inference. You have two primary options:

Option A: Local Inference via Ollama

Running models locally keeps your data on-premises. NemoClaw supports local inference via Ollama, which handles model downloads and serving. This is the right choice when:

• Data privacy regulations prevent sending data to external APIs
• You want to run Nemotron models without per-token cloud costs
• You need offline or air-gapped operation

For local inference, you'll need sufficient hardware — Nemotron 3 Super 120B is a large model. Smaller Nemotron variants or other Ollama-compatible models work well on consumer hardware within the RAM requirements above.

Option B: Cloud Inference via NVIDIA Endpoint API

NVIDIA's Endpoint API gives you access to the full Nemotron model lineup, including Nemotron 3 Super 120B, without running the model locally. This is suitable when:

• You don't have GPU hardware on-premises
• You need the highest-capability Nemotron models
• You want faster inference without local resource constraints

You'll need an NVIDIA developer account and API credentials to use this option.

Option C: Privacy Router (Mixed Mode)

NemoClaw's privacy router is one of its more practical enterprise features. It lets you define rules that determine whether a given request goes to a local model or a cloud model based on content classification. For example: internal business data stays local, general queries can use cloud inference.

Security Architecture

NemoClaw uses NVIDIA's OpenShell runtime to provide sandboxed execution. The security model is built on four policy-controlled layers:

• Network layer: Controls which external endpoints the agent runtime can reach, enforced via Linux network namespaces (netns)
• Filesystem layer: Restricts which directories the agent can read from and write to, enforced via Landlock
• Process layer: Limits system call access using seccomp filters
• Inference layer: Applies policy controls on model inputs and outputs — content filtering, data classification, and routing decisions

These aren't optional add-ons — they're the default execution model. Every agent workload in NemoClaw runs inside the OpenShell sandbox. You configure the policies; the runtime enforces them.

Policy Presets

Rather than writing security policies from scratch, NemoClaw ships with ready-made policy presets for common deployment scenarios:

• discord — appropriate permissions for a Discord bot agent
• slack — Slack workspace agent policy
• telegram — Telegram bot policy
• npm — safe defaults for agents that interact with npm registries
• pypi — Python package ecosystem policy
• docker — Docker API access controls

To apply a policy preset during configuration, select the preset that matches your deployment. Presets can be stacked and customized — you're not locked into using them exactly as shipped.

NemoClaw and OpenClaw

NemoClaw is designed to work alongside OpenClaw, NVIDIA's open-source AI agent framework. In a typical setup:

• OpenClaw handles agent orchestration, channel integrations (WhatsApp, Discord, Telegram), memory, and task scheduling
• NemoClaw provides the secure inference layer, model access, and policy enforcement that enterprises need

Together, they form a complete AI agent stack — OpenClaw manages what the agent does, NemoClaw controls how it does it securely. If you're already running OpenClaw agents and want to add Nemotron model support with enterprise security controls, NemoClaw is the recommended upgrade path.

Known Limitations (Alpha)

As of March 16, 2026, NemoClaw is in alpha. A few things worth knowing before you deploy:

• The API surface may change between releases
• Not all policy preset combinations have been fully validated
• Production hardening and performance tuning is ongoing
• Community support channels are still being established

If you're evaluating NemoClaw for an enterprise deployment, plan for these constraints and factor in the time required to stay current with upstream changes.

Who Should Use NemoClaw?

NemoClaw is a good fit if you're:

• A development team wanting to run NVIDIA Nemotron models in a managed, policy-controlled environment
• A business that needs provable security controls around AI agent behavior
• An IT team deploying OpenClaw agents and wanting enterprise-grade sandboxing
• An organization with data privacy requirements that rule out sending all queries to external APIs

It's a heavier stack than a minimal OpenClaw install — the security infrastructure and Docker dependencies add setup overhead. For teams without dedicated DevOps capacity, the managed setup route may be more practical.

Further Reading

• Complete OpenClaw Setup Guide — get familiar with the OpenClaw agent framework before adding NemoClaw
• OpenClaw vs ChatGPT for Business — understand when a persistent agent beats a chat interface
• CodeClaw NemoClaw Setup Service — managed deployment for businesses that need it done right