How Nvidia Nemoclaw fits into a Paperclip company.

Nvidia Nemoclaw drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.
SaaS FactoryPaired
Pre-configured AI company — 18 agents, 18 skills, one-time purchase.
$27$59
Explore pack
Source file
SKILL.md454 linesmarkdown
Expand
1---2name: nvidia-nemoclaw3description: NVIDIA NemoClaw plugin for secure sandboxed installation and orchestration of OpenClaw always-on AI assistants via OpenShell4triggers:5  - "set up NemoClaw for OpenClaw"6  - "install NVIDIA NemoClaw sandbox"7  - "run OpenClaw in a secure sandbox"8  - "configure NemoClaw inference with NVIDIA cloud"9  - "manage NemoClaw sandboxed agent"10  - "nemoclaw onboard and deploy agent"11  - "OpenShell sandbox with NemoClaw"12  - "secure OpenClaw installation with NVIDIA"13---14 15# NVIDIA NemoClaw16 17> Skill by [ara.so](https://ara.so) — Daily 2026 Skills collection.18 19NVIDIA NemoClaw is an open-source TypeScript CLI plugin that simplifies running [OpenClaw](https://openclaw.ai) always-on AI assistants securely. It installs and orchestrates the [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell) runtime, creates policy-enforced sandboxes, and routes all inference through NVIDIA cloud (Nemotron models). Network egress, filesystem access, syscalls, and model API calls are all governed by declarative policy.20 21**Status:** Alpha — interfaces and APIs may change without notice.22 23---24 25## Installation26 27### Prerequisites28 29- Linux Ubuntu 22.04 LTS or later30- Node.js 20+ and npm 10+ (Node.js 22 recommended)31- Docker installed and running32- [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell) installed33 34### One-Line Installer35 36```bash37curl -fsSL https://nvidia.com/nemoclaw.sh | bash38```39 40This installs Node.js (if absent), runs the guided onboard wizard, creates a sandbox, configures inference, and applies security policies.41 42### Manual Install (from source)43 44```bash45git clone https://github.com/NVIDIA/NemoClaw.git46cd NemoClaw47npm install48npm run build49npm link  # makes `nemoclaw` available globally50```51 52---53 54## Environment Variables55 56```bash57# Required: NVIDIA cloud API key for Nemotron inference58export NVIDIA_API_KEY="nvapi-xxxxxxxxxxxx"59 60# Optional: override default model61export NEMOCLAW_MODEL="nvidia/nemotron-3-super-120b-a12b"62 63# Optional: custom sandbox data directory64export NEMOCLAW_SANDBOX_DIR="/var/nemoclaw/sandboxes"65```66 67Get an API key at [build.nvidia.com](https://build.nvidia.com).68 69---70 71## Quick Start72 73### 1. Onboard a New Agent74 75```bash76nemoclaw onboard77```78 79The interactive wizard prompts for:80- Sandbox name (e.g. `my-assistant`)81- NVIDIA API key (`$NVIDIA_API_KEY`)82- Inference model selection83- Network and filesystem policy configuration84 85Expected output on success:86 87```88──────────────────────────────────────────────────89Sandbox      my-assistant (Landlock + seccomp + netns)90Model        nvidia/nemotron-3-super-120b-a12b (NVIDIA Cloud API)91──────────────────────────────────────────────────92Run:         nemoclaw my-assistant connect93Status:      nemoclaw my-assistant status94Logs:        nemoclaw my-assistant logs --follow95──────────────────────────────────────────────────96[INFO]  === Installation complete ===97```98 99### 2. Connect to the Sandbox100 101```bash102nemoclaw my-assistant connect103```104 105### 3. Chat with the Agent (inside sandbox)106 107**TUI (interactive chat):**108```bash109sandbox@my-assistant:~$ openclaw tui110```111 112**CLI (single message):**113```bash114sandbox@my-assistant:~$ openclaw agent --agent main --local -m "hello" --session-id test115```116 117---118 119## Key CLI Commands120 121### Host Commands (`nemoclaw`)122 123| Command | Description |124|---|---|125| `nemoclaw onboard` | Interactive setup: gateway, providers, sandbox |126| `nemoclaw <name> connect` | Open interactive shell inside sandbox |127| `nemoclaw <name> status` | Show NemoClaw-level sandbox health |128| `nemoclaw <name> logs --follow` | Stream sandbox logs |129| `nemoclaw start` | Start auxiliary services (Telegram bridge, tunnel) |130| `nemoclaw stop` | Stop auxiliary services |131| `nemoclaw deploy <instance>` | Deploy to remote GPU instance via Brev |132| `openshell term` | Launch OpenShell TUI for monitoring and approvals |133 134### Plugin Commands (`openclaw nemoclaw`, run inside sandbox)135 136> Note: These are under active development — use `nemoclaw` host CLI as the primary interface.137 138| Command | Description |139|---|---|140| `openclaw nemoclaw launch [--profile ...]` | Bootstrap OpenClaw inside OpenShell sandbox |141| `openclaw nemoclaw status` | Show sandbox health, blueprint state, and inference |142| `openclaw nemoclaw logs [-f]` | Stream blueprint execution and sandbox logs |143 144### OpenShell Inspection145 146```bash147# List all sandboxes at the OpenShell layer148openshell sandbox list149 150# Check specific sandbox151openshell sandbox inspect my-assistant152```153 154---155 156## Architecture157 158NemoClaw orchestrates four components:159 160| Component | Role |161|---|---|162| **Plugin** | TypeScript CLI: launch, connect, status, logs |163| **Blueprint** | Versioned Python artifact: sandbox creation, policy, inference setup |164| **Sandbox** | Isolated OpenShell container running OpenClaw with policy-enforced egress/filesystem |165| **Inference** | NVIDIA cloud model calls routed through OpenShell gateway |166 167**Blueprint lifecycle:**1681. Resolve artifact1692. Verify digest1703. Plan resources1714. Apply through OpenShell CLI172 173---174 175## TypeScript Plugin Usage176 177NemoClaw exposes a programmatic TypeScript API for building custom integrations.178 179### Import and Initialize180 181```typescript182import { NemoClawClient } from '@nvidia/nemoclaw';183 184const client = new NemoClawClient({185  apiKey: process.env.NVIDIA_API_KEY!,186  model: process.env.NEMOCLAW_MODEL ?? 'nvidia/nemotron-3-super-120b-a12b',187});188```189 190### Create a Sandbox Programmatically191 192```typescript193import { NemoClawClient, SandboxConfig } from '@nvidia/nemoclaw';194 195async function createSandbox() {196  const client = new NemoClawClient({197    apiKey: process.env.NVIDIA_API_KEY!,198  });199 200  const config: SandboxConfig = {201    name: 'my-assistant',202    model: 'nvidia/nemotron-3-super-120b-a12b',203    policy: {204      network: {205        allowedEgressHosts: ['build.nvidia.com'],206        blockUnlisted: true,207      },208      filesystem: {209        allowedPaths: ['/sandbox', '/tmp'],210        readOnly: false,211      },212    },213  };214 215  const sandbox = await client.sandbox.create(config);216  console.log(`Sandbox created: ${sandbox.id}`);217  return sandbox;218}219```220 221### Connect and Send a Message222 223```typescript224import { NemoClawClient } from '@nvidia/nemoclaw';225 226async function chatWithAgent(sandboxName: string, message: string) {227  const client = new NemoClawClient({228    apiKey: process.env.NVIDIA_API_KEY!,229  });230 231  const sandbox = await client.sandbox.get(sandboxName);232  const session = await sandbox.connect();233 234  const response = await session.agent.send({235    agentId: 'main',236    message,237    sessionId: `session-${Date.now()}`,238  });239 240  console.log('Agent response:', response.content);241  await session.disconnect();242}243 244chatWithAgent('my-assistant', 'Summarize the latest NVIDIA earnings report.');245```246 247### Check Sandbox Status248 249```typescript250import { NemoClawClient } from '@nvidia/nemoclaw';251 252async function checkStatus(sandboxName: string) {253  const client = new NemoClawClient({254    apiKey: process.env.NVIDIA_API_KEY!,255  });256 257  const status = await client.sandbox.status(sandboxName);258 259  console.log({260    sandbox: status.name,261    healthy: status.healthy,262    blueprint: status.blueprintState,263    inference: status.inferenceProvider,264    policyVersion: status.policyVersion,265  });266}267```268 269### Stream Logs270 271```typescript272import { NemoClawClient } from '@nvidia/nemoclaw';273 274async function streamLogs(sandboxName: string) {275  const client = new NemoClawClient({276    apiKey: process.env.NVIDIA_API_KEY!,277  });278 279  const logStream = client.sandbox.logs(sandboxName, { follow: true });280 281  for await (const entry of logStream) {282    console.log(`[${entry.timestamp}] ${entry.level}: ${entry.message}`);283  }284}285```286 287### Apply a Network Policy Update (Hot Reload)288 289```typescript290import { NemoClawClient, NetworkPolicy } from '@nvidia/nemoclaw';291 292async function updateNetworkPolicy(sandboxName: string) {293  const client = new NemoClawClient({294    apiKey: process.env.NVIDIA_API_KEY!,295  });296 297  // Network policies are hot-reloadable at runtime298  const updatedPolicy: NetworkPolicy = {299    allowedEgressHosts: [300      'build.nvidia.com',301      'api.github.com',302    ],303    blockUnlisted: true,304  };305 306  await client.sandbox.updatePolicy(sandboxName, {307    network: updatedPolicy,308  });309 310  console.log('Network policy updated (hot reload applied).');311}312```313 314---315 316## Security / Protection Layers317 318| Layer | What it protects | Hot-reloadable? |319|---|---|---|320| **Network** | Blocks unauthorized outbound connections | ✅ Yes |321| **Filesystem** | Prevents reads/writes outside `/sandbox` and `/tmp` | ❌ Locked at creation |322| **Process** | Blocks privilege escalation and dangerous syscalls | ❌ Locked at creation |323| **Inference** | Reroutes model API calls to controlled backends | ✅ Yes |324 325When the agent attempts to reach an unlisted host, OpenShell blocks the request and surfaces it in the TUI for operator approval.326 327---328 329## Common Patterns330 331### Pattern: Minimal Sandbox for Development332 333```typescript334const config: SandboxConfig = {335  name: 'dev-sandbox',336  model: 'nvidia/nemotron-3-super-120b-a12b',337  policy: {338    network: { blockUnlisted: false },   // permissive for dev339    filesystem: { allowedPaths: ['/sandbox', '/tmp', '/home/dev'] },340  },341};342```343 344### Pattern: Production Strict Sandbox345 346```typescript347const config: SandboxConfig = {348  name: 'prod-assistant',349  model: 'nvidia/nemotron-3-super-120b-a12b',350  policy: {351    network: {352      allowedEgressHosts: ['build.nvidia.com'],353      blockUnlisted: true,354    },355    filesystem: {356      allowedPaths: ['/sandbox', '/tmp'],357      readOnly: false,358    },359  },360};361```362 363### Pattern: Deploy to Remote GPU (Brev)364 365```bash366nemoclaw deploy my-gpu-instance --sandbox my-assistant367```368 369```typescript370await client.deploy({371  instance: 'my-gpu-instance',372  sandboxName: 'my-assistant',373  provider: 'brev',374});375```376 377---378 379## Troubleshooting380 381### Error: Sandbox not found382 383```384Error: Sandbox 'my-assistant' not found385```386 387**Fix:** Check at the OpenShell layer — NemoClaw errors and OpenShell errors are separate:388 389```bash390openshell sandbox list391nemoclaw my-assistant status392```393 394### Error: NVIDIA API key missing or invalid395 396```397Error: Inference provider authentication failed398```399 400**Fix:**401```bash402export NVIDIA_API_KEY="nvapi-xxxxxxxxxxxx"403nemoclaw onboard  # re-run to reconfigure404```405 406### Error: Docker not running407 408```409Error: Cannot connect to Docker daemon410```411 412**Fix:**413```bash414sudo systemctl start docker415sudo usermod -aG docker $USER  # add current user to docker group416newgrp docker417```418 419### Error: OpenShell not installed420 421```422Error: 'openshell' command not found423```424 425**Fix:** Install [NVIDIA OpenShell](https://github.com/NVIDIA/OpenShell) first, then re-run the NemoClaw installer.426 427### Agent blocked on outbound request428 429When you see a blocked request notification in the TUI:430 431```bash432openshell term        # open TUI to approve/deny the request433# OR update policy to allow the host:434nemoclaw my-assistant policy update --allow-host api.example.com435```436 437### View Full Debug Logs438 439```bash440nemoclaw my-assistant logs --follow441# or with verbose flag442nemoclaw my-assistant logs --follow --level debug443```444 445---446 447## Documentation Links448 449- [Overview](https://docs.nvidia.com/nemoclaw/latest/about/overview.html)450- [How It Works](https://docs.nvidia.com/nemoclaw/latest/about/how-it-works.html)451- [Architecture](https://docs.nvidia.com/nemoclaw/latest/reference/architecture.html)452- [Inference Profiles](https://docs.nvidia.com/nemoclaw/latest/reference/inference-profiles.html)453- [Network Policies](https://docs.nvidia.com/nemoclaw/latest/reference/network-policies.html)454- [CLI Commands](https://docs.nvidia.com/nemoclaw/latest/reference/commands.html)
Related skills
Agency Agents Ai Specialists

Install Agency Agents Ai Specialists skill for Claude Code from aradotso/trending-skills.
Agent Browser Automation

Install Agent Browser Automation skill for Claude Code from aradotso/trending-skills.
Antigravity Manager

Install Antigravity Manager skill for Claude Code from aradotso/trending-skills.