NVIDIA’s NemoClaw project brings an open-source reference stack that orchestrates OpenShell and OpenClaw. It lets you run self-hosted, sandboxed AI agents using local models like Nemotron.
This blog post breaks down what NemoClaw is, how it works, and what deployment looks like—from prerequisites to on-device inference. The focus is on privacy, control, and running tool-enabled assistants that don’t quit halfway through a job.
What NemoClaw Is and Why It Matters
NVIDIA launched NemoClaw as an open-source framework. It pairs OpenShell and OpenClaw to run self-hosted, sandboxed AI agents with local models such as Nemotron.
This architecture aims for persistent, multi-step assistants that can read files, call APIs, and do complex workflows. Everything happens on local hardware, so you get tighter data privacy and more control.
In practice, NemoClaw gives you an on-device AI stack. It can run long-running tools and tasks without calling home to some external runtime.
The reference deployment shows how to run these agents on a beefy workstation or server, keeping models and data inside your organization’s four walls.
Technical Foundations
NemoClaw pulls together three open-source components to deliver secure, sandboxed AI workflows:
- OpenShell – a sandboxing layer that enforces network and filesystem policies. It also gives you real-time visibility through a TUI into blocked connections.
- OpenClaw – a multi-channel agent manager that coordinates several tool-enabled agents under one orchestration layer.
- NemoClaw installer – the glue that wires OpenShell and OpenClaw together. It also offers onboarding features, including optional remote access via Telegram.
Supporting tech includes the Nemotron family of local models and Ollama as the local model-serving engine. The goal: keep inference on-premises.
The stack adds an onboarding flow that can pair humans with the agent over messaging channels, but still keeps strict local control over the environment.
Deployment Playbook: Prerequisites to Preloading
The NemoClaw guide walks you through a deployment using NVIDIA DGX Spark (GB10) hardware running Ubuntu 24.04. You’ll need a few core pieces:
- Docker 28++ and the NVIDIA container runtime for hardware-accelerated containers.
- Ollama as the local model-serving engine to host Nemotron models.
- Configuring Docker and systemd so Ollama listens on all interfaces.
- Pulling and preloading the 87 GB Nemotron 3 Super 120B model, then caching weights to cut down on cold-start lag.
The NemoClaw installer ties everything together, enabling OpenShell and OpenClaw. It walks administrators through an onboarding flow that can include a Telegram bot for remote access.
Sandboxed Architecture: Policies, Visibility, and Access
At the heart of NemoClaw sits OpenShell. It enforces both network and filesystem policies, and gives you a text user interface (TUI) for real-time visibility into blocked connections.
It supports session-based or permanent policy approvals, so you control external access. This design helps organizations keep a tight grip on what agents can touch or run, which is great for privacy and compliance.
You can reach the sandboxed dashboard locally or remotely using things like port forwarding and SSH tunneling. The onboarding flow can also pair Telegram users with the agent using a BotFather token and a structured approval process. That way, you get controlled remote interactions—if you really need them.
On-Device Inference and Lifecycle Management
Typical inference latency for the 120B Nemotron model running locally falls somewhere between 30–90 seconds per response. All inference happens right on the device, with no need for external runtime dependencies.
The NemoClaw toolkit offers a handful of administration commands for lifecycle management. You get options like connect, status, logs, start/stop, policy-add, plus a straightforward uninstaller for clean removal when you need it.
The sandbox provides solid isolation, but administrators should know—no sandbox is truly foolproof against advanced prompt injection. It’s a reminder to stay alert and keep guardrails in place, just in case.
NVIDIA includes detailed documentation, GitHub sources, and playbooks to support alternative deployments. These resources make NemoClaw feel like a practical path for secure, always-on local AI assistants that actually respect data locality and governance.
With NemoClaw, organizations get a repeatable, auditable approach to building local AI assistants. These assistants can read, reason, and act, all inside a controlled environment.
Here is the source article for this story: Build a Secure, Always-On Local AI Agent with OpenClaw and NVIDIA NemoClaw