Key takeaways
- Announced by NVIDIA CEO Jensen Huang at the GTC 2026 keynote (March 16, 2026), built in collaboration with OpenClaw creator Peter Steinberger — 21K+ GitHub stars within three months
- Wraps OpenClaw or Hermes in an NVIDIA OpenShell sandbox where every network request, file access, and inference call is governed by declarative policy, managed through a single CLI
- Free and Apache 2.0 licensed, but explicitly an alpha project with best-effort maintainer support and no guaranteed response timelines
FAQ
What is NemoClaw?
NemoClaw is NVIDIA's open-source reference stack for running always-on AI agents like OpenClaw and Hermes more safely inside NVIDIA OpenShell sandboxes, with routed inference and network policy controls.
How much does NemoClaw cost?
Free, Apache 2.0 licensed. Inference costs apply separately — either NVIDIA cloud-routed inference or free local inference via Nemotron models on capable hardware.
Does NemoClaw require NVIDIA hardware?
No. The architecture is hardware-agnostic, though NVIDIA promotes it on GeForce RTX PCs, RTX PRO workstations, DGX Spark, and DGX Station, where Nemotron models can run inference locally.
How is NemoClaw different from OpenClaw?
NemoClaw is not an OpenClaw alternative — it is a security and deployment layer that installs and runs OpenClaw itself inside a policy-governed OpenShell sandbox.
Executive Summary
NemoClaw is NVIDIA's open-source reference stack for running always-on AI agents — OpenClaw by default, Hermes optionally — more safely inside NVIDIA OpenShell sandboxes.[1] Announced by CEO Jensen Huang during the GTC 2026 keynote on March 16, 2026, it was developed in collaboration with OpenClaw creator Peter Steinberger and packages guided onboarding, a hardened blueprint, routed inference, network policy, and lifecycle management behind a single CLI.[2][3]
The pitch is direct: OpenClaw's biggest criticism is its security model, and NemoClaw turns it into a sandboxed deployment enterprises and cautious individuals can run with one command. Traction has been rapid — 21K+ GitHub stars, 2,800+ forks, and daily pushes within three months of launch — but the README is explicit that this is an alpha project maintained on a best-effort basis.[4][1]
| Attribute | Value |
|---|---|
| Company | NVIDIA |
| Launched | March 16, 2026 (GTC keynote); repo created March 15, 2026 |
| GitHub Stars | 21K+ (as of June 2026) |
| Language | TypeScript |
| License | Apache 2.0 |
| Status | Alpha, actively developed |
Product Overview
NemoClaw does not replace OpenClaw — it deploys it. The installer sets up the NVIDIA OpenShell runtime and Nemotron models, then uses a versioned blueprint to create a sandboxed environment where every network request, file access, and inference call is governed by declarative policy.[1][2] The nemoclaw CLI orchestrates the full stack; setting NEMOCLAW_AGENT=hermes (or using the nemohermes alias) swaps in the Hermes agent from Nous Research.[1]
Key Capabilities
| Capability | Description |
|---|---|
| Guided onboarding | Single-command install of agent + OpenShell runtime + Nemotron models[2] |
| Hardened blueprint | Versioned sandbox definition with container hardening, capability drops, process limits[5] |
| Network policy | Baseline egress rules, operator approval flow, static and dynamic policy presets[5] |
| Routed inference | Inference calls intercepted by OpenShell and routed to NVIDIA cloud or local Nemotron models[1] |
| Lifecycle management | Sandbox create/update/teardown and host-side state via one CLI[1] |
| Multi-agent support | OpenClaw (default) and Hermes[1] |
Technical Architecture
NemoClaw is a TypeScript CLI and plugin layer that sits above two other NVIDIA components: OpenShell (the sandbox runtime that intercepts network, filesystem, and inference calls) and Nemotron (NVIDIA's open model family for local inference).[4][2] Local Nemotron inference means no per-token costs and better privacy on capable hardware; alternatively, inference routes through NVIDIA's cloud provider via a privacy router.[6][2]
NVIDIA promotes deployment on GeForce RTX PCs and laptops, RTX PRO workstations, and DGX Spark / DGX Station systems for always-on local agents — but the architecture is hardware-agnostic and does not require NVIDIA GPUs.[2][3]
Key Technical Details
| Detail | Value |
|---|---|
| Deployment | Local CLI; sandboxed agent runs always-on on user hardware |
| Models | NVIDIA Nemotron (local) or routed cloud inference |
| Integrations | OpenClaw, Hermes, NVIDIA OpenShell runtime |
| Open Source | Yes — Apache 2.0, public repo with discussions and Discord[1] |
Strengths
- First-party NVIDIA backing — Announced in a Jensen Huang GTC keynote with a dedicated docs site, security disclosure program (PSIRT), and a community examples repo; this is not a side project.[2][5]
- Addresses OpenClaw's weakest point — Declarative network policy, sandbox hardening, and credential handling target the security criticisms that dominate OpenClaw discussion.[3]
- Official OpenClaw collaboration — Built with creator Peter Steinberger, who said NVIDIA and the ecosystem are "building the claws and guardrails that let anyone create powerful, secure AI assistants."[2]
- Free local inference path — Nemotron models on RTX/DGX hardware eliminate token costs for always-on agents.[6]
- Rapid adoption and activity — 21K+ stars, 2,800+ forks, and commits pushed as recently as June 11, 2026.[4]
Cautions
- Alpha software — The README states maintainers review issues and PRs "on a best effort basis without guaranteed response timelines"; TechCrunch describes it as an early-stage alpha.[1][3]
- Inference routing raises lock-in questions — Sandboxed inference calls are intercepted and routed, with NVIDIA's cloud as the managed path; HN commenters read this as a play to become OpenClaw's default compute provider.[7]
- Sandboxing doesn't solve the core risk — A sandboxed agent still holds whatever credentials you grant it (email, calendar, Slack); containment limits blast radius, not delegated authority.[7]
- 392 open issues as of June 2026 — Consistent with alpha status and a fast-growing user base.[4]
- NVIDIA ecosystem gravity — Hardware-agnostic on paper, but the optimized path (local Nemotron, DGX Spark) is NVIDIA silicon end to end.[2]
What Developers Say
From the 261-comment Hacker News launch thread (March 2026):[7]
"Seems like they are doing this to become the default compute provider for the easiest way to set up OpenClaw." — an HN commenter[7]
"What I think is different in this setup here is the OpenShell gateway override." — an HN commenter[7]
"Secure installation isn't the main problem with OpenClaw. This project doesn't seem to be solving a real problem." — an HN commenter[7]
"I think the 'simplifies running OpenClaw always-on assistants safely' bit is pretty misleading." — an HN commenter[7]
The thread's dominant debate: whether sandboxing meaningfully helps when the agent's usefulness depends on credentialed access to email, calendars, and accounts — containment versus delegation risk.
Pricing & Licensing
| Tier | Price | Includes |
|---|---|---|
| Open Source | Free | Full stack: CLI, OpenShell blueprint, network policy, Nemotron model setup |
Licensing model: Apache 2.0 — permissive, commercial use allowed.[1]
Hidden costs: Cloud inference fees when not running Nemotron locally; capable GPU hardware (RTX PC, DGX Spark) for the local-inference path.[6]
Competitive Positioning
NemoClaw occupies an unusual position: it is complementary to OpenClaw rather than a rewrite of it, competing instead with other ways to deploy agents safely.
Direct Competitors
| Competitor | Differentiation |
|---|---|
| OpenClaw (bare) | NemoClaw adds sandbox, network policy, and managed inference on top; bare OpenClaw is simpler but runs with host access |
| IronClaw | IronClaw is a Rust reimplementation with its own WASM sandbox; NemoClaw secures the original OpenClaw instead of replacing it |
| ZeroClaw | ZeroClaw rebuilds the agent minimal-and-secure in Rust; NemoClaw keeps OpenClaw's full ecosystem and contains it |
| DIY Docker/VM isolation | NemoClaw replaces hand-rolled container setups with a versioned, policy-governed blueprint |
When to Choose NemoClaw Over Alternatives
- Choose NemoClaw when: You want OpenClaw's full ecosystem with vendor-maintained sandboxing, or free local inference on NVIDIA hardware.
- Choose IronClaw / ZeroClaw when: You prefer a security-first reimplementation over containing the original.
- Choose bare OpenClaw when: You accept the security tradeoffs and want zero added layers.
Ideal Customer Profile
Best fit:
- Enterprises piloting always-on agents that need policy-governed egress and auditability
- Owners of RTX PCs or DGX Spark/Station hardware who want token-cost-free local agents
- OpenClaw users uncomfortable running it with full host access
- Teams that want a vendor-backed deployment path rather than DIY containers
Poor fit:
- Embedded/minimal-hardware deployments (use ZeroClaw)
- Users wanting a stable, supported product today — this is alpha with best-effort support
- Those wary of NVIDIA-managed inference routing as the default cloud path
Viability Assessment
| Factor | Assessment |
|---|---|
| Financial Health | Backed by NVIDIA — effectively unlimited resources |
| Market Position | First-party security layer for the largest agent ecosystem (OpenClaw) |
| Innovation Pace | High — daily pushes; public priorities list maintained in repo |
| Community/Ecosystem | 21K+ stars, Discord, GitHub Discussions, community examples repo |
| Long-term Outlook | Strong, with strategic-dependency caveat |
NVIDIA's incentive is durable: NemoClaw positions its hardware and cloud inference as the default substrate for personal agents. The risk is the inverse — the project serves NVIDIA's platform strategy, and its direction will follow that strategy rather than community priorities alone.[7]
Bottom Line
NemoClaw is the most credible answer yet to "how do I run OpenClaw without giving an LLM full access to my machine" — a one-command, NVIDIA-maintained sandbox stack with free local inference on the right hardware. It earned 21K+ stars in three months because it solves a real deployment problem for the largest agent ecosystem. But it is alpha software, the sandboxing debate (containment vs. credential risk) is unresolved, and the managed-inference design doubles as an NVIDIA distribution play.
Recommended for: Enterprises and cautious power users deploying OpenClaw who want vendor-backed isolation; NVIDIA hardware owners wanting always-on local agents.
Not recommended for: Minimal-hardware deployments, users needing production-grade support guarantees, or those avoiding NVIDIA platform dependency.
Outlook: NVIDIA backing, official OpenClaw collaboration, and rapid early traction make NemoClaw the likely default enterprise deployment path for the OpenClaw ecosystem — if it graduates from alpha.
Research by Ry Walker Research • methodology
Sources
- [1] NemoClaw GitHub Repository (README)
- [2] NVIDIA Announces NemoClaw for the OpenClaw Community
- [3] Nvidia's version of OpenClaw could solve its biggest problem: security
- [4] GitHub API: NVIDIA/NemoClaw repository metadata
- [5] NemoClaw Documentation (NVIDIA)
- [6] GTC Spotlights RTX PCs and DGX Sparks Running AI Agents Locally
- [7] Hacker News: Nvidia NemoClaw (385 points, 261 comments)