NemoClaw is a Docker-hosted sandbox backend that wraps the OpenClaw agent runtime with NVIDIA OpenShell policy controls. Instead of running your agent in a standard Docker container, NemoClaw adds a policy layer that can allow or deny specific actions the agent tries to take, and can require operator approval before certain operations proceed. This makes it well-suited for security-sensitive workflows, compliance environments, or any situation where you need auditability and control over what an agent is permitted to do.Documentation Index
Fetch the complete documentation index at: https://noradocs.solomontsao.com/llms.txt
Use this file to discover all available pages before exploring further.
When to use NemoClaw
Use a NemoClaw sandbox when:- You need to restrict or audit the actions your agent takes at runtime.
- Your organization requires approval workflows before the agent performs sensitive operations.
- You want to use NVIDIA Nemotron models, which are only available in the NemoClaw sandbox.
- You are operating in a compliance-sensitive environment where a standard Docker sandbox is insufficient.
Supported Nemotron models
NemoClaw agents use NVIDIA’s Nemotron family of models via the NVIDIA API. The following models are supported:| Model ID | Description |
|---|---|
nvidia/nemotron-3-super-120b-a12b | Default model — 120B parameter Nemotron Super |
nvidia/llama-3.1-nemotron-ultra-253b-v1 | 253B parameter Nemotron Ultra based on Llama 3.1 |
nvidia/llama-3.3-nemotron-super-49b-v1.5 | 49B parameter Nemotron Super based on Llama 3.3 |
nvidia/nemotron-3-nano-30b-a3b | Lightweight 30B Nemotron Nano |
To use these models you must have an NVIDIA API key saved in Settings under the NVIDIA provider. See Add and sync LLM provider keys.
Deploy a NemoClaw agent
Deploying a NemoClaw agent follows the same steps as a standard agent, with one difference in the sandbox selection.Enter a name and set resources
Enter an agent name and configure vCPU, RAM, and disk as you would for any agent.
Select the NemoClaw sandbox
In the Sandbox type field, choose NemoClaw. If this option is greyed out or returns an error, NemoClaw is not enabled on your instance.
Check NemoClaw status
To verify that a NemoClaw agent is running and that the sandbox is healthy:- Open the agent’s detail page.
- Look for the NemoClaw section or tab.
running state, the status will reflect the agent’s current lifecycle state instead.
You can also call the status API directly:
Manage policies
NemoClaw agents enforce OpenShell policies that control what the agent is allowed to do. You can read and update these policies from the agent’s detail page. View the current policy:- Open the agent’s NemoClaw tab.
- Click View Policy or inspect the policy panel.
- Open the NemoClaw tab on the agent’s detail page.
- Edit the allow and deny rules in the policy editor.
- Click Save Policy.
Review approvals
When the agent attempts an action that your policy flags for review, an approval request is created. You can inspect and act on pending approvals from the dashboard or the API. From the dashboard:- Open the agent’s NemoClaw tab.
- Open the Approvals section to see any pending requests.
- Approve or deny each request.