Installing NemoClaw: My Experience Running Secure AI Agents
Every company needs an OpenClaw strategy. - Jensen.
Tom W.
Scout A. TeamNVIDIA introduced NemoClaw at GTC 2026 as a security layer for OpenClaw, designed to run AI agents in containerized sandboxes. The idea is simple: run autonomous agents more safely by locking down everything by default, then grant only the permissions you actually need.
I spent a few days with NemoClaw to see how it works in practice.
What NemoClaw Actually Does
OpenClaw has become the operating system for personal AI, letting agents run tasks, write code, and work autonomously. But that autonomy brings risk. An agent with full system access can cause real damage if something goes wrong.
NemoClaw creates a security boundary around OpenClaw. It wraps the framework in Docker containers managed by NVIDIA's OpenShell, a policy engine that enforces what agents can and cannot do. By default, everything is locked down: no network access, no system access, nothing. You grant permissions explicitly through OpenShell commands.
It works like a firewall for your AI agent. Everything is blocked until you say otherwise.
Installation: 20 Minutes, One Stumble
Setup took about 20 minutes from scratch to a working agent. The process is simple:
curl -fsSL https://www.nvidia.com/nemoclaw.sh | bashIf you already have a local AI assistant, you can just ask it to help install NemoClaw, and it will walk you through the process.
The documentation is clear and thorough for a brand-new project. NVIDIA clearly invested in making onboarding smooth.
The only friction I hit was figuring out the network rules. NemoClaw uses OpenShell's term command to approve access, and it took a little time to understand how to allow network connections properly. Once that clicked, everything else fell into place.
The Deny by Default Philosophy
This is where NemoClaw stands apart from running OpenClaw on its own. With standard OpenClaw, everything is open by default. Your agent has broad access to your system, network, and tools. You trust it to behave.
NemoClaw reverses that. Everything is locked down. When your agent tries to access a website or use a tool, it gets blocked. You see what's blocked, then you approve it. Approval becomes part of the workflow, built into the runtime.
For enterprises, this matters. For anyone running agents that touch sensitive systems, this matters. You're not hoping the agent behaves—you're enforcing boundaries.
What I Ran Through It
I've been using NemoClaw mainly for research tasks and, more recently, for publishing memes to ZenBin. I connected it to Telegram so I can chat with the agent from my phone; that integration was straightforward once I sorted out the network rules.
On the backend, I'm running Ollama locally. Performance has been solid. The sandbox containment feels strong—I'm confident the agent can only access what I've explicitly allowed.
I haven't connected skills like Gmail or Google Docs yet. That integration isn't simple at this point, and I suspect it will take more work for anyone who wants their agent reading emails or editing documents.
The Non-Technical User Challenge
NVIDIA aims NemoClaw at enterprises and technical users, and that makes sense.
The prerequisites aren't trivial: Docker Desktop, Node.js, comfort with terminals and shell commands. Understanding networking helps. Having a machine that's always on matters if you want always-on agents.
These are the same barriers that exist for OpenClaw itself, but NemoClaw adds another layer. You need to understand security policies, network rules, and container concepts to get the most from it.
For non-technical users, the path looks different. An enterprise IT department might configure NemoClaw sandboxes for their teams, pre-approving certain tools and workflows. The end user gets a secure agent without needing to understand Docker or networking. But for individuals setting this up themselves, the learning curve is real.
Who Should Use It
If you're already running OpenClaw agents and thinking about security—whether for enterprise compliance, personal privacy, or just peace of mind—NemoClaw is worth a look.
The security posture is genuinely different from bare OpenClaw. Container isolation adds real boundaries. The documentation is good. Setup is fast enough that you can be running in under half an hour.
If you're not technical, this isn't your starting point. For non-technical users who want to work with AI agents without managing containers and security policies, Scout offers a managed platform that handles the infrastructure for you. Wait until someone packages NemoClaw with a simpler onboarding flow, or until your IT team sets it up for you.
What's Next
NemoClaw is still in early preview. The core concept—deny by default, explicitly approve—makes sense. The implementation works. What's missing is broader ecosystem integration: Gmail skills, Google Docs skills, and the tools that make agents genuinely useful for knowledge work.
I'll be watching to see where this goes. The security layer is the right idea, and NVIDIA's approach of building it on containers and policy engines can scale in ways that bolted-on security checks never will.
For now, if you're technical and curious about running agents more safely, give it a try. Twenty minutes is enough to see if it fits your workflow.