How to Run OpenClaw Agents Securely with NVIDIA NemoClaw on Linux Docker in 2025

If you're building autonomous AI agents with OpenClaw, you've likely encountered the challenge of running always-on assistants safely in production. NVIDIA NemoClaw provides a reference stack that wraps OpenClaw agents inside the OpenShell runtime, adding critical security layers for sandboxing and managed inference. This guide walks you through installing NemoClaw on Linux with Docker and running your first secured OpenClaw agent.

Why NemoClaw for OpenClaw Agent Security

OpenClaw agents are powerful autonomous assistants, but they require careful isolation when running continuously. NemoClaw addresses this by:

• Installing the NVIDIA OpenShell runtime with container-based sandboxing
• Providing guided onboarding with hardened blueprints
• Managing state and channel messaging through OpenShell
• Routing inference requests with layered protection
• Preventing direct access to host systems

The primary tested path uses Linux with Docker, making it ideal for developers deploying agents on Linux servers or VMs.

Prerequisites for Running NemoClaw on Linux

Before installing NemoClaw, verify your system meets these requirements:

Hardware Requirements

| Resource | Minimum | Recommended | Notes | |----------|---------|-------------|-------| | CPU | 4 vCPU | 4+ vCPU | Required for k3s and gateway | | RAM | 8 GB | 16 GB | See memory warning below | | Disk | 20 GB free | 40 GB free | Sandbox image is 2.4 GB compressed |

Critical Memory Warning: The sandbox image decompression, Docker daemon, k3s, and OpenShell gateway run simultaneously during setup. On systems with less than 8 GB RAM, the Linux OOM killer may terminate processes. If you cannot add physical RAM, configure at least 8 GB of swap space:

# Create 8GB swap file
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

# Make swap permanent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Software Requirements

| Dependency | Version | Installation | |------------|---------|-------------| | Node.js | 22.16 or later | curl -fsSL https://deb.nodesource.com/setup_22.x \| sudo -E bash - && sudo apt-get install -y nodejs | | npm | 10 or later | Included with Node.js 22.16+ | | Docker | Latest stable | curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh |

Verify your installations:

node --version  # Should show v22.16.0 or higher
npm --version   # Should show 10.x or higher
docker --version

Step-by-Step Installation Guide

Step 1: Install NVIDIA NemoClaw

NemoClaw is distributed as an npm package. Install it globally:

npm install -g nemoclaw

Verify the installation:

nemoclaw --version

Step 2: Run the Onboarding Process

NemoClaw includes a guided onboarding command that installs the OpenShell gateway and creates the sandbox environment:

nemoclaw onboard

This command performs several critical operations:

1. Installs the NVIDIA OpenShell runtime
2. Configures the k3s Kubernetes cluster
3. Downloads and deploys the sandbox container image (2.4 GB)
4. Sets up state management and channel messaging
5. Configures inference routing with security policies

The onboarding process typically takes 5-10 minutes depending on your network speed and system performance.

Important: Do not manually update OpenShell or use commands like openshell self-update, npm update -g openshell, openshell gateway start --recreate, or openshell sandbox create after onboarding. These commands bypass NemoClaw's managed configuration. If you need to recreate your environment, rerun nemoclaw onboard.

Step 3: Verify OpenShell Gateway Status

After onboarding completes, check that the OpenShell gateway is running:

nemoclaw status

You should see output indicating the gateway and sandbox are active:

✓ OpenShell Gateway: Running
✓ Sandbox Environment: Active
✓ k3s Cluster: Healthy

Step 4: Create Your First Sandboxed OpenClaw Agent

With NemoClaw configured, you can now run OpenClaw agents inside the secure sandbox. Create a simple agent configuration:

// agent-config.js
module.exports = {
  name: "document-processor",
  runtime: "openshell",
  capabilities: [
    "file_read",
    "file_write",
    "http_client"
  ],
  inference: {
    provider: "openai",
    model: "gpt-4-turbo",
    temperature: 0.7
  },
  sandbox: {
    network: "restricted",
    filesystem: "isolated",
    max_memory: "2G"
  }
};

Deploy the agent through NemoClaw:

nemoclaw deploy agent-config.js

Understanding NemoClaw's Security Architecture

NemoClaw provides multiple security layers:

Layer 1: Container Isolation

All OpenClaw agents run inside Docker containers orchestrated by k3s. This prevents direct access to the host filesystem and network.

Layer 2: OpenShell Managed Channels

Instead of direct API calls, agents communicate through OpenShell-managed channels that enforce policy-based routing.

Layer 3: Inference Routing

LLM inference requests are routed through NemoClaw's gateway, which applies rate limiting, content filtering, and audit logging.

Layer 4: State Management

Agent state is persisted in controlled volumes, preventing unauthorized data access across agent instances.

NemoClaw vs Direct OpenClaw Deployment

| Feature | Direct OpenClaw | NemoClaw with OpenShell | |---------|----------------|-------------------------| | Setup complexity | Low | Medium (guided onboarding) | | Container isolation | Optional | Required (k3s managed) | | Inference security | Manual implementation | Built-in routing and filtering | | Channel management | Direct API access | Managed, policy-enforced | | State persistence | Developer-managed | Automated with isolation | | Production readiness | Requires custom hardening | Alpha (hardened blueprint provided) | | Overhead | Minimal | Moderate (k3s + gateway) |

NemoClaw is ideal when security and isolation are priorities, especially for production deployments. If you're prototyping or running agents in trusted environments, direct OpenClaw may be simpler.

Troubleshooting Common Issues

Issue: OOM Killer Terminates Installation

Symptom: Installation fails with "Killed" or Docker daemon stops responding.

Solution: Add swap space as shown in the prerequisites section, or increase system RAM to 16 GB.

Issue: k3s Cluster Won't Start

Symptom: nemoclaw status shows k3s as unhealthy.

Solution: Check Docker service status and available disk space:

sudo systemctl status docker
df -h /var/lib/docker

Ensure at least 20 GB free in the Docker root directory.

Issue: Sandbox Image Download Fails

Symptom: Onboarding hangs or times out during image download.

Solution: Check your network connection and verify Docker can pull images:

docker pull nvidia/nemoclaw-sandbox:latest

If the pull fails, check firewall rules or use a different network.

Managing NemoClaw Lifecycle

To recreate your NemoClaw environment (useful after system updates or configuration changes):

nemoclaw onboard --force

To stop all NemoClaw components:

nemoclaw shutdown

To completely remove NemoClaw and OpenShell:

nemoclaw purge
npm uninstall -g nemoclaw

Production Considerations

Alpha Software Warning: As of March 2026, NemoClaw is in early alpha. The project explicitly states it is not production-ready, and APIs may change without notice. Use it for experimentation and development, but plan for breaking changes.

For production deployments, consider:

1. Monitoring: Integrate OpenShell gateway logs with your observability stack
2. Backup: Regularly backup agent state volumes
3. Resource limits: Set appropriate CPU and memory limits in agent configurations
4. Security updates: Subscribe to NemoClaw security advisories on GitHub
5. Testing: Validate agents in staging before production deployment

Next Steps

After securing your OpenClaw agents with NemoClaw:

• Review the Architecture documentation to understand component interactions
• Explore advanced blueprints in the How It Works guide
• Join the NemoClaw Discord for community support
• Report issues or contribute at the GitHub repository

By running OpenClaw agents through NemoClaw's OpenShell runtime, you gain essential security controls for autonomous AI systems without building sandboxing infrastructure from scratch. While the project is still maturing, it provides a solid foundation for developers serious about agent security in 2025.