jpskill.com
💬 コミュニケーション コミュニティ

nemoclaw

Set up, configure, and manage NemoClaw — NVIDIA's open-source sandbox for running OpenClaw agents securely with policy-enforced network, filesystem, and inference controls. Use when the user mentions "nemoclaw," "openclaw sandbox," "openshell," "sandboxed agent," "agent security sandbox," "nemotron sandbox," or wants to deploy an AI agent inside an isolated environment with egress control and inference routing.

⚡ おすすめ: コマンド1行でインストール(60秒)

下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。

🍎 Mac / 🐧 Linux 
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o nemoclaw.zip https://jpskill.com/download/15159.zip && unzip -o nemoclaw.zip && rm nemoclaw.zip
🪟 Windows (PowerShell) 
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/15159.zip -OutFile "$d\nemoclaw.zip"; Expand-Archive "$d\nemoclaw.zip" -DestinationPath $d -Force; ri "$d\nemoclaw.zip"

完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。

💾 手動でダウンロードしたい(コマンドが難しい人向け)
  1. 1. 下の青いボタンを押して nemoclaw.zip をダウンロード
  2. 2. ZIPファイルをダブルクリックで解凍 → nemoclaw フォルダができる
  3. 3. そのフォルダを C:\Users\あなたの名前\.claude\skills\(Win)または ~/.claude/skills/(Mac)へ移動
  4. 4. Claude Code を再起動
⬇ .zip でダウンロード(推奨) ⬇ .skill 形式(上級者用) 元のソース ↗

⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。

🎯 このSkillでできること

下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。

📦 インストール方法 (3ステップ)

  1. 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
  2. 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
  3. 3. 展開してできたフォルダを、ホームフォルダの .claude/skills/ に置く
    • · macOS / Linux: ~/.claude/skills/
    • · Windows: %USERPROFILE%\.claude\skills\

Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。

詳しい使い方ガイドを見る →
最終更新
2026-05-18
取得日時
2026-05-18
同梱ファイル
1
📖 Claude が読む原文 SKILL.md(中身を展開)

この本文は AI(Claude)が読むための原文(英語または中国語)です。日本語訳は順次追加中。

NemoClaw

Overview

NemoClaw is an open-source stack by NVIDIA that installs and runs OpenClaw inside a sandboxed environment (OpenShell) with policy-enforced security controls. OpenShell provides Landlock, seccomp, and network namespace isolation. Sandboxes enforce strict egress control — all inference requests route through the OpenShell gateway, not directly to the internet. Network and inference policies are hot-reloadable; filesystem and process policies are locked at creation.

Instructions

1. Install NemoClaw

Prerequisites: Linux Ubuntu 22.04+, Node.js 20+, Docker running, NVIDIA OpenShell installed, NVIDIA API key from build.nvidia.com.

curl -fsSL https://nvidia.com/nemoclaw.sh | bash

The installer runs the guided onboard wizard, creates a sandbox, configures inference (NVIDIA cloud), and applies security policies. After install you see:

──────────────────────────────────────────────────
Sandbox my-assistant (Landlock + seccomp + netns)
Model nvidia/nemotron-3-super-120b-a12b (NVIDIA Cloud API)
──────────────────────────────────────────────────

2. Manage sandboxes from the host

nemoclaw onboard                      # Interactive setup wizard
nemoclaw my-assistant connect         # Shell into sandbox
nemoclaw my-assistant status          # Sandbox health check
nemoclaw my-assistant logs --follow   # Stream logs
nemoclaw start                        # Start auxiliary services
nemoclaw stop                         # Stop services
nemoclaw deploy my-assistant          # Deploy via Brev to remote GPU instance

3. Work inside the sandbox

openclaw tui                          # Interactive chat TUI
openclaw agent --agent main --local -m "hello" --session-id test
openclaw nemoclaw launch              # Bootstrap OpenClaw in sandbox
openclaw nemoclaw status              # Show sandbox health
openclaw nemoclaw logs [-f]           # Stream logs

4. Security policies

  • Network: All outbound blocked by default, allowlist-based egress, hot-reloadable. When agent requests unlisted host → blocked + surfaced in TUI for operator approval.
  • Filesystem: Only /sandbox and /tmp writable, locked at creation.
  • Process: Privilege escalation blocked, seccomp syscall filtering, locked at creation.
  • Inference: All model API calls intercepted by OpenShell gateway, routed to NVIDIA cloud. Default model: nvidia/nemotron-3-super-120b-a12b.

5. Troubleshoot

nemoclaw my-assistant status                        # NemoClaw health
openshell sandbox list                              # OpenShell sandbox state
nemoclaw my-assistant logs --follow | grep inference # Check inference connectivity

Common issues: Docker not running → start daemon. API key invalid → re-run nemoclaw onboard. Sandbox conflicts → check openshell sandbox list. Network blocked → check egress allowlist.

Examples

Example 1: Set up a new sandboxed coding agent

User request: "I want to run an OpenClaw agent in a secure sandbox with NemoClaw on my Ubuntu server"

Actions taken:

  1. Verify prerequisites: confirm Ubuntu 22.04+, Node.js 20+, Docker running
  2. Install OpenShell from https://github.com/NVIDIA/OpenShell
  3. Run the NemoClaw installer:
    curl -fsSL https://nvidia.com/nemoclaw.sh | bash
  4. Follow onboard wizard — enter sandbox name code-agent, select Nemotron model, provide NVIDIA API key
  5. Connect to sandbox:
    nemoclaw code-agent connect
  6. Inside sandbox, start the agent TUI:
    openclaw tui

Expected output: Agent running inside isolated sandbox with Landlock filesystem protection, seccomp syscall filtering, network namespace isolation, and all inference routed through OpenShell gateway.

Example 2: Deploy a sandboxed agent to a remote GPU instance

User request: "Deploy my NemoClaw sandbox to a remote GPU so I can run larger models"

Actions taken:

  1. Confirm local sandbox research-agent is working:
    nemoclaw research-agent status

    Output: research-agent: running (Landlock + seccomp + netns)

  2. Deploy to remote GPU via Brev:
    nemoclaw deploy research-agent
  3. Monitor remote deployment:
    nemoclaw research-agent logs --follow

Expected output: Remote GPU instance provisioned, NemoClaw installed, sandbox research-agent running on remote with same security policies applied. All inference routed through NVIDIA cloud API.

Guidelines

  • NemoClaw requires a fresh OpenClaw installation — do not install on existing OpenClaw setups.
  • Alpha software — APIs may change without notice; not production-ready yet.
  • Linux only — Ubuntu 22.04+ required, no macOS or Windows support.
  • The curl | bash installer is from nvidia.com (official NVIDIA source). For manual installation, clone the repo and follow the README at https://github.com/NVIDIA/NemoClaw.
  • When the agent tries to reach a host not in the egress allowlist, the request is blocked and surfaced in the OpenShell TUI for operator approval. If approved, the host is added to the allowlist.
  • Blueprint lifecycle: Resolve artifact → Verify digest → Plan resources → Apply through OpenShell CLI.
  • Architecture: Host runs nemoclaw CLI (TypeScript) + Blueprint (Python) + OpenShell Runtime → Sandbox contains the OpenClaw agent with strict isolation.