A list of practical resources for NemoClaw, the sandboxed OpenClaw runtime built on NVIDIA OpenShell.

Awesome NemoClaw

NemoClaw is an open-source runtime layer for running OpenClaw inside a controlled NVIDIA OpenShell sandbox. OpenClaw is the agent framework itself; NemoClaw adds sandboxing, policy-based network control, inference routing, and operational tooling around it.

This open-source list collects practical presets, recipes, deployment patterns, and operational references to help you run NemoClaw in real-world setups.

Start Here

Install NemoClaw and onboard an OpenClaw agent:

$ curl -fsSL https://nvidia.com/nemoclaw.sh | bash

Connect to the sandbox and start chatting:

$ nemoclaw my-assistant connect

References:

• Quickstart

Plugin Layout

High-level plugin structure used by openclaw nemoclaw:

nemoclaw/
├── src/
│   ├── index.ts                    Plugin entry -- registers all commands
│   ├── cli.ts                      Commander.js subcommand wiring
│   ├── commands/
│   │   ├── launch.ts               Fresh install into OpenShell
│   │   ├── connect.ts              Interactive shell into sandbox
│   │   ├── status.ts               Blueprint run state + sandbox health
│   │   ├── logs.ts                 Stream blueprint and sandbox logs
│   │   └── slash.ts                /nemoclaw chat command handler
│   └── blueprint/
│       ├── resolve.ts              Version resolution, cache management
│       ├── fetch.ts                Download blueprint from OCI registry
│       ├── verify.ts               Digest verification, compatibility checks
│       ├── exec.ts                 Subprocess execution of blueprint runner
│       └── state.ts                Persistent state (run IDs)
├── openclaw.plugin.json            Plugin manifest
└── package.json                    Commands declared under openclaw.extensions

This is why NemoClaw feels split into two layers: a thin TypeScript plugin for UX/CLI and a blueprint execution layer for sandbox orchestration.

Policy Presets

Ready-made network policy bundles for common services.

Important:

• Community presets in this repository are example baselines.
• Review and customize host, path, method, and binary constraints before production use.
• Replace placeholders like your-subdomain and your-bucket.

Official Presets (NVIDIA)

• discord - Discord API, gateway, CDN.
• docker - Docker Hub and NVIDIA registry.
• huggingface - Hugging Face Hub and inference.
• jira - Atlassian Cloud.
• npm - npm and Yarn registries.
• outlook - Microsoft Graph and Outlook.
• pypi - Python package endpoints.
• slack - Slack API and webhooks.
• telegram - Telegram Bot API.

Community Presets (This Repo)

• gitlab - GitLab API access via /api/v4/**.
• notion - Notion API access via /v1/**.
• linear - Linear GraphQL access via /graphql.
• confluence - Confluence and Atlassian API access with tenant scoping.
• teams - Microsoft Teams and Graph API access.
• zendesk - Zendesk API access with tenant placeholders.
• sentry - Sentry API and ingestion endpoints.
• stripe - Stripe API access via /v1/**.
• cloudflare - Cloudflare API access via /client/v4/**.
• google-workspace - OAuth, Gmail, Drive, and Calendar APIs.
• aws - STS, S3, and Bedrock API access.
• gcp - OAuth, Cloud Storage, and Vertex AI APIs.
• vercel - Vercel deployment API access.
• supabase - Supabase REST, Auth, and Storage APIs.
• neon - Neon API access via /api/v2/**.
• algolia - Algolia indexing and search API endpoints.
• airtable - Airtable API access via /v0/**.
• hubspot - HubSpot CRM and OAuth API access.

Policy authoring references:

• Community preset guide - Hardening checklist and usage.
• Customize Network Policy - Static and dynamic policy updates.
• policy-add and policy-list commands - Apply and inspect presets.
• Baseline policy template - Format reference.

Agent Recipes

Task-oriented setups combining policy, routing, and operations.

• Approval-first web agent - Unknown hosts require operator approval.
• Sandbox monitoring workflow - Status, logs, TUI loop.
• Remote GPU assistant recipe - Persistent remote sandbox.
• Telegram support bot recipe - Bot bridge into sandboxed agent.
• Runtime model-switching workflow - Switch model without restart.

Templates

• Baseline sandbox policy - Main policy template.
• Official preset examples - Upstream preset references.
• Community preset examples - This repo preset catalog.
• Sandbox image template - Container build structure.
• Service bootstrap script - Telegram and tunnel services.
• Remote bootstrap script - Remote host bootstrap.

Example Projects

• NVIDIA/NemoClaw - Canonical implementation.
• Add your project - Share production-ready setups.

Official Resources

• NemoClaw GitHub - Main source repository.
• Overview - Product scope and value.
• How It Works - Plugin, blueprint, and sandbox lifecycle.
• Architecture - Component layout and flow.
• Commands - CLI reference.
• Network Policies - Baseline egress model.
• Inference Profiles - Provider and model configuration.

🤝 Contributing

Contributions are welcome. See CONTRIBUTING.md.

Preferred submissions:

• practical preset files
• tested deployment recipes
• clear security and ops playbooks
• real example projects

Avoid low-signal link dumps. Curate for real usage.

License

MIT License - see LICENSE

This is a curated list. Resources listed here reference projects created and maintained by their respective authors and teams, not by us. They are not security-audited and should be reviewed before production use.

If you find an issue with a listed resource or want your entry removed, please open an issue and we'll take care of it promptly.