← hub

NemoClaw

NVIDIA's OpenClaw sandbox plugin. Landlock + seccomp + netns + transparent inference proxy.
Orthogonal contribution: secrets physically cannot exist in the sandbox.

NemoClaw in one sentence: It wraps OpenClaw inside NVIDIA OpenShell (Landlock + seccomp + network namespaces), intercepts all model API calls before they leave the sandbox, and routes them to Nemotron — so the agent holds no credentials. The rest is operator-controlled egress policy.

Agent context

Source at /workspace/web/agents/refs-nemoclaw/ (github.com/NVIDIA/NemoClaw, alpha March 2026, Apache 2.0). ~9,300 LOC (TS + Python). Core isolation = NVIDIA OpenShell (separate closed-source project). Is a plugin for OpenClaw — not a standalone agent system. Adds: OpenShell sandbox (Landlock+seccomp+netns), transparent inference proxy (secrets never in sandbox), declarative network policy YAML, operator approval TUI for blocked egress, versioned blueprint with digest, migration+rollback of host OpenClaw into sandbox. Does NOT add: channels, memory, multi-group hierarchy, scheduling — all inherited from OpenClaw. Kanipi source at /workspace/web/agents/refs-kanipi/ (github.com/kronael/kanipi, TS, 13k src LOC). Kanipi channels: WhatsApp, Telegram, Discord, Email (IMAP/SMTP), Web SSE, Slink (HTTP+JWT), Bluesky, Facebook, Mastodon, Reddit, Twitter. Kanipi features: impulse batching, MIME pipeline (video/voice/whisper), auth (JWT+argon2+OAuth GitHub/Discord/Telegram), action registry, web-proxy with embedded sloth.js. See full feature-to-kanipi mapping in llm block at bottom of this page.