NVIDIA
Ctrl+K
View All Playbooks

NemoClaw

60 MINS

Run OpenClaw in an OpenShell sandbox on DGX Spark with Ollama (Nemotron)

AI AgentDGXNemoClawOllamaOpenShellSpark
NemoClaw on GitHub

Basic idea

NVIDIA OpenShell is an open-source runtime for running autonomous AI agents in sandboxed environments with kernel-level isolation. NVIDIA NemoClaw is an OpenClaw plugin that packages OpenShell with an AI agent: it includes the nemoclaw onboard wizard to automate setup so you can get a browser-based chat interface running locally on your DGX Spark using Ollama (e.g. NVIDIA Nemotron 3 Super).

By the end of this playbook you will have a working AI agent inside an OpenShell sandbox, accessible via a dashboard URL, with inference routed to a local model on your Spark—all without exposing your host filesystem or network to the agent.

What you'll accomplish

  • Install and configure Docker for OpenShell (including cgroup fix for DGX Spark)
  • Install Node.js, Ollama, the OpenShell CLI, and the NemoClaw plugin
  • Run the NemoClaw onboard wizard to create a sandbox and configure inference
  • Start the OpenClaw web UI inside the sandbox and chat with Nemotron 3 Super (or another Ollama model) locally

Notice and disclaimers

The following sections describe safety, risks, and your responsibilities when running this demo.

Quick start safety check

Use only a clean environment. Run this demo on a fresh device or VM with no personal data, confidential information, or sensitive credentials. Keep it isolated like a sandbox.

By installing this demo, you accept responsibility for all third-party components, including reviewing their licenses, terms, and security posture. Read and accept before you install or use.

What you're getting

This experience is provided "AS IS" for demonstration purposes only—no warranties, no guarantees. This is a demo, not a production-ready solution. You will need to implement appropriate security controls for your environment and use case.

Key risks with AI agents

  • Data leakage — Any materials the agent accesses could be exposed, leaked, or stolen.
  • Malicious code execution — The agent or its connected tools could expose your system to malicious code or cyber-attacks.
  • Unintended actions — The agent might modify or delete files, send messages, or access services without explicit approval.
  • Prompt injection and manipulation — External inputs or connected content could hijack the agent's behavior in unexpected ways.

Participant acknowledgement

By participating in this demo, you acknowledge that you are solely responsible for your configuration and for any data, accounts, and tools you connect. To the maximum extent permitted by law, NVIDIA is not responsible for any loss of data, device damage, security incidents, or other harm arising from your configuration or use of NemoClaw demo materials, including OpenClaw or any connected tools or services.

Isolation layers (OpenShell)

LayerWhat it protectsWhen it applies
FilesystemPrevents reads/writes outside allowed paths.Locked at sandbox creation.
NetworkBlocks unauthorized outbound connections.Hot-reloadable at runtime.
ProcessBlocks privilege escalation and dangerous syscalls.Locked at sandbox creation.
InferenceReroutes model API calls to controlled backends.Hot-reloadable at runtime.

What to know before starting

  • Basic use of the Linux terminal and SSH
  • Familiarity with Docker (permissions, docker run)
  • Awareness of the security and risk sections above

Prerequisites

Hardware and access:

  • A DGX Spark (GB10) with keyboard and monitor, or SSH access
  • An NVIDIA API key from build.nvidia.com (free; the onboard wizard will prompt for it)
  • A GitHub account with access to the NVIDIA organization (for installing the OpenShell CLI from GitHub releases)

Software:

  • Fresh install of DGX OS with latest updates

Verify your system before starting:

head -n 2 /etc/os-release
nvidia-smi
docker info --format '{{.ServerVersion}}'
python3 --version

Expected: Ubuntu 24.04, NVIDIA GB10 GPU, Docker server version, Python 3.12+.

Ancillary files

All required assets are in the openshell-openclaw-plugin repository. You will clone it during the instructions to install NemoClaw.

Time and risk

  • Estimated time: 45–90 minutes (including first-time gateway and sandbox build, and Nemotron 3 Super download of ~87GB).
  • Risk level: Medium — you are running an AI agent in a sandbox; risks are reduced by isolation but not eliminated. Use a clean environment and do not connect sensitive data or production accounts.
  • Rollback: Remove the sandbox with openshell sandbox delete <name>, destroy the gateway with openshell gateway destroy -g nemoclaw, and uninstall NemoClaw with sudo npm uninstall -g nemoclaw and rm -rf ~/.nemoclaw (see Cleanup in Instructions).
  • Last Updated: 03/13/2026
    • First publication

Resources