Skip to main content
NVIDIA
Explore
Models
Skills
Blueprints
GPUs
Docs
Terms of Use
Privacy Policy
Your Privacy Choices
Contact

Copyright © 2026 NVIDIA Corporation

View All Playbooks
View All Playbooks

onboarding

  • Set Up Local Network Access
  • Open WebUI with Ollama

data science

  • Single-cell RNA Sequencing
  • Portfolio Optimization
  • CUDA-X Data Science
  • Text to Knowledge Graph
  • Optimized JAX

tools

  • DGX Dashboard
  • RAG Application in AI Workbench
  • Set up Tailscale on Your Spark
  • VS Code
  • Connect Three DGX Spark in a Ring Topology
  • Connect Multiple DGX Spark through a Switch

fine tuning

  • FLUX.1 Dreambooth LoRA Fine-tuning
  • LLaMA Factory
  • Fine-tune with NeMo
  • Fine-tune with Pytorch
  • Unsloth on DGX Spark

use case

  • Run NemoClaw with a Local LLM
  • 🦞 Set Up Example NemoClaw Agents 🦞
  • Run Hermes Agent with Local Models
  • cuTile Kernels
  • CLI Coding Agent
  • Live VLM WebUI
  • Install and Use Isaac Sim and Isaac Lab
  • Vibe Coding in VS Code
  • Build and Deploy a Multi-Agent Chatbot
  • Connect Two Sparks
  • NCCL for Two Sparks
  • Build a Video Search and Summarization (VSS) Agent
  • Spark & Reachy Photo Booth
  • Secure Long Running AI Agents with OpenShell on DGX Spark
  • OpenClaw 🦞

inference

  • Speculative Decoding
  • Run models with llama.cpp on DGX Spark
  • Nemotron Model Family on DGX Spark
  • SGLang for Inference
  • TRT LLM for Inference
  • NVFP4 Quantization
  • Multi-modal Inference
  • NIM on Spark
  • LM Studio on DGX Spark
  • vLLM for Inference

Run NemoClaw with a Local LLM

30 MIN

Build your first local AI assistant on DGX Spark using NemoClaw and vLLM in a secure sandbox, with optional Telegram.

Agentic WorkflowDGX SparkNemoClawOpenShellTelegramvLLM
NemoClaw on GitHub
OverviewOverviewInstructionsInstructionsTroubleshootingTroubleshooting

Phase 1: Install and Run NemoClaw

Step 1
Install NemoClaw

This single command handles everything: installs Node.js (if needed), installs OpenShell, clones the last known good (LKG) NemoClaw release automatically, builds the CLI, and runs the onboard wizard to create a sandbox.

curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash

The installation wizard walks you through setup:

  1. Accept NemoClaw license -- Confirm by entering yes
  2. Run express install -- Confirm by entering Y

NOTE

Express install uses the recommended default settings. If you want to customize your configuration afterward, run nemoclaw onboard.

The installer requires Node.js 22.16+ (installed automatically if missing). It walks you through Node.js, NemoClaw CLI and Onboarding phases. See more details of Onboarding configuration in the next step.

Step 2
NemoClaw Onboarding

NOTE

If you chose express install in Step 1, all settings are auto-configured with recommended defaults. Skip to Step 3 unless you need more customization. To customize, run nemoclaw onboard and follow the wizard below.

During custom setup, the onboard wizard walks you through:

  1. Select your agent -- Choose which agent to run in the sandbox. Enter 1 for OpenClaw:
  2. Configuring inference -- Choose a local inference option to run models on your DGX Spark.
  3. Inference models -- Select a model from the installer prompts. NemoClaw will prepare any required local model artifacts when needed.
  4. Sandbox name -- Pick a name (e.g. my-assistant). Each sandbox requires a unique name.
  5. Apply this configuration -- Enter Y to confirm setting up local inference.
  6. Enable Brave Web Search -- Optional. If you enable it, paste a Brave Search API key when prompted.
  7. Messaging channels -- Optional. If you enable it, choose your desired bot (telegram, discord or slack) and paste your bot token when prompted.
  8. Resource profiles -- Choose how much CPU and RAM the sandbox may use (creator, gamer, game-developer, developer, custom, or No profile). Press Enter to accept the default (No profile).
  9. Policy presets -- Choose desired Policy tier (Balanced recommended) and accept/edit the suggested presets when prompted (confirm with Enter).

When complete you will see output like:

OpenClaw is ready

Sandbox:  my-assistant
Model:    <your-selected-model> (Local vLLM)

Start chatting

  Browser:
    http://127.0.0.1:18790/

  Terminal:
    nemoclaw my-assistant connect
    then run: openclaw tui

Authenticated dashboard URL, if needed:
  nemoclaw my-assistant dashboard-url --quiet

Remote access (SSH session detected):
  On your workstation, run:
    ssh -L 18790:127.0.0.1:18790 nvidia@<host>
  Then open the dashboard URL above in your local browser.

Manage later

  Status:      nemoclaw my-assistant status
  Logs:        nemoclaw my-assistant logs --follow
  Model:       nemoclaw inference set --model <model> --provider <provider> --sandbox my-assistant
  Policies:    nemoclaw my-assistant policy-add
  Credentials: nemoclaw credentials reset <KEY> && nemoclaw onboard

NOTE

  • If nemoclaw is not found after install, run source ~/.bashrc to reload your shell path.
  • Time to finish Onboarding can vary, depending on the model choice and internet speed.

NemoClaw Onboarding can be run repeatedly to create multiple sandboxes for independent use cases. Use --name <new-name> to create an additional sandbox alongside any existing ones:

nemoclaw onboard --gpu --name <new-name>

IMPORTANT

Use --name <new-name> to create an additional sandbox without affecting existing ones. The --fresh flag is a destructive option reserved for starting a completely new onboard session — if a sandbox with the same name already exists, --fresh will destroy and recreate it. Only use --fresh when you intend to wipe and re-onboard (see Step 4 for an example where re-prompting is required).

Step 3
Interact with OpenClaw

There are two ways to interact with your OpenClaw, Web UI or terminal UI.

Option 1. Web UI

Get the full dashboard URL (includes the auto-assigned port and token):

nemoclaw my-assistant dashboard-url --quiet

This prints a URL like http://127.0.0.1:18790/#token=<token>. The port is auto-assigned (commonly 18789 or 18790) and may differ between installs.

If accessing the Web UI directly on the Spark (keyboard and monitor attached), open the dashboard URL in a browser.

If accessing the Web UI from a remote machine, you need to set up an SSH tunnel.

First, note the port number from the dashboard URL above (e.g. 18790).

Find your Spark's IP address:

hostname -I | awk '{print $1}'

This prints the primary IP address (e.g. 192.168.1.42). You can also find it in Settings > Wi-Fi or Settings > Network on the Spark's desktop, or check your router's connected-devices list.

From your remote machine, create an SSH tunnel using the port from above (replace <port> and <your-spark-ip>):

ssh -L <port>:127.0.0.1:<port> <your-user>@<your-spark-ip>

Now open the dashboard URL in your remote machine's browser.

IMPORTANT

Use 127.0.0.1, not localhost -- the gateway origin check requires an exact match.

NOTE

If the Web UI fails to load and the port forward may be stale, get the port from nemoclaw my-assistant dashboard-url --quiet and reset:

openshell forward stop <port> my-assistant || true
openshell forward start <port> my-assistant --background

Option 2. Terminal UI

Connect to the sandbox:

nemoclaw my-assistant connect

Then launch the terminal UI inside the sandbox:

openclaw tui

You can start chatting with OpenClaw. Press Ctrl+C to exit the terminal UI.

To exit the sandbox:

exit

Phase 2: Modify NemoClaw Policy

Step 4
Enable Brave Search in sandbox

To add Brave Web Search to an existing sandbox, re-run onboarding with BRAVE_API_KEY set. Get a key from the Brave Search API console:

BRAVE_API_KEY=<your-brave-search-api-key> nemoclaw onboard --name <sandbox-name>

If the sandbox already exists without web search enabled, NemoClaw needs to recreate the sandbox so the Brave configuration is baked into the agent runtime. Accept the recreate prompt when it appears.

For scripted (non-interactive) runs, pass --recreate-sandbox to perform the rebuild without prompting:

BRAVE_API_KEY=<your-brave-search-api-key> \
  nemoclaw onboard --name <sandbox-name> --recreate-sandbox --non-interactive

NOTE

--recreate-sandbox clearly describes the intentional rebuild needed to add web search. Reserve --fresh for recovery from a failed or interrupted onboarding session — it discards the wizard state and starts over, which is not the right tool for adding a feature to an already-created sandbox.

To confirm web search is enabled, relaunch your OpenClaw WebUI or terminal UI. Ask the agent for something that needs live web search. If requests still fail, run nemoclaw <sandbox-name> policy-list and re-read the onboard output for Brave/API errors.

Step 5
Set up Messaging Channel (Telegram Bot as an example)

These steps apply when your sandbox exists but Telegram was never configured (you skipped Messaging channels in Step 2, or the sandbox policy tier never included Telegram-related egress). Replace <sandbox-name> with your sandbox (for example my-assistant).

IMPORTANT

Telegram does not require cloudflared. The bot uses long-polling to pull messages from Telegram servers, so no public URL or tunnel is needed. cloudflared is only for exposing the dashboard/Web UI remotely (see sub-step 5 below) and is unrelated to messaging.

1. Create a Telegram bot

In Telegram, open @BotFather, send /newbot, and complete the prompts. Copy the bot token BotFather returns and keep it ready for the next step.

2. Register Telegram with NemoClaw and rebuild the sandbox

nemoclaw <sandbox-name> channels add telegram

Paste the token when prompted. NemoClaw persists credentials and rebuilds the sandbox so OpenClaw can use Telegram as a messaging channel.

3. (If needed) Allow Telegram egress in the sandbox policy

If messages fail with network or policy errors after the channel is registered, inspect presets and add Telegram-related egress if your tier omitted it:

nemoclaw <sandbox-name> policy-list
nemoclaw <sandbox-name> policy-add telegram

Preset names follow your selected tier; confirm against Network policies.

NOTE

To approve blocked network requests for new endpoints at runtime, use the OpenShell TUI. See Approve or Deny Agent Network Requests.

4. Verify Telegram

Telegram uses long-polling (getUpdates) — the sandbox actively pulls messages from Telegram servers. No public URL or cloudflared tunnel is required for Telegram to work.

Open Telegram, find your bot, and send a message. The bot should forward traffic to the agent in your NemoClaw sandbox and reply.

NOTE

The first response may take longer depending on model size (30B models respond in a few seconds; larger models may take longer on first inference).

NOTE

If the bot does not respond:

  • Run nemoclaw <sandbox-name> status to confirm the sandbox is running and inference is healthy.
  • Run nemoclaw <sandbox-name> logs --follow and look for Telegram-related errors.
  • If Telegram egress is missing, run nemoclaw <sandbox-name> policy-add and select telegram.
  • If the channel was never registered, run nemoclaw <sandbox-name> channels add telegram.

NOTE

The channels add telegram wizard also prompts for an optional Telegram User ID to restrict who can DM the bot. Send /start to @userinfobot on Telegram to get your numeric user ID. If you skip this, the bot will require device pairing (a terminal-based code confirmation) before responding to messages.

NOTE

For details on restricting which Telegram chats can interact with the agent, see the NemoClaw Telegram bridge documentation.

5. (Optional) Install cloudflared for remote Web UI access

The cloudflared tunnel provides a public URL for the Web UI dashboard — it is not related to Telegram messaging.

Install cloudflared (DGX Spark is arm64):

curl -L --output cloudflared.deb \
  https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb
sudo dpkg -i cloudflared.deb

Start the tunnel:

nemoclaw tunnel start

Verify:

nemoclaw status

You should see ● cloudflared with a trycloudflare.com public URL.


Phase 3: Set Up NemoClaw Agent

Step 6
Set Up NemoClaw Agents

Set up NemoClaw Agents in general require three steps: Configure NemoClaw security policy, Run Agent Workflow Prompt, Personalize the Workflow for your own use case.

Checkout these Example NemoClaw Agents for reference. Consider sharing your NemoClaw agent setup with the community at DGX Spark Developer Forum


Phase 4: Update NemoClaw

Step 7
Update NemoClaw

To check whether a newer NemoClaw LKG release is available, run:

nemoclaw update --check

To update the host-side NemoClaw CLI to the current LKG release without prompts, run:

nemoclaw update --yes

This updates the host CLI only; it does not rebuild existing sandboxes. After updating, check whether any sandboxes need to be rebuilt:

nemoclaw upgrade-sandboxes --check

If stale sandboxes are reported, follow the command output to rebuild them.

For details, see the official NemoClaw command reference.


Phase 5: Cleanup and Uninstall

Step 8
Stop services

Stop the cloudflared tunnel:

nemoclaw tunnel stop

Stop the port forward:

openshell forward list          # find active forwards and their ports
openshell forward stop <port>   # stop the dashboard forward (use the port shown above)

Step 9
Uninstall NemoClaw

The NemoClaw CLI includes a built-in uninstaller. It removes all sandboxes, the OpenShell gateway, Docker containers/images/volumes, the CLI, and state directories. Docker, Node.js, npm, and the vLLM container image are preserved. Your ~/.nemoclaw/ user data (rebuild-backups/, backups/, sandboxes.json) is also preserved unless you pass --destroy-user-data.

nemoclaw uninstall --yes

To remove everything including the downloaded Ollama models:

nemoclaw uninstall --yes --delete-models

Uninstaller flags:

FlagEffect
--yesSkip the confirmation prompt
--keep-openshellLeave the openshell binary in place
--delete-modelsAlso remove Ollama models pulled by NemoClaw
--destroy-user-dataAlso remove preserved user data under ~/.nemoclaw/ (rebuild-backups/, backups/, sandboxes.json)

NOTE

If the nemoclaw CLI is not available (e.g. install failed partway), use the remote uninstaller as a fallback:

curl -fsSL https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh | bash -s -- --yes

The uninstaller runs up to 7 steps:

  1. Stop NemoClaw helper services and port-forward processes
  2. Delete all OpenShell sandboxes, the NemoClaw gateway, and providers
  3. Remove the global nemoclaw npm package
  4. Remove NemoClaw/OpenShell Docker containers, images, and volumes
  5. Remove downloaded Ollama models (only with --delete-models)
  6. Remove config/state directories (~/.config/openshell, ~/.config/nemoclaw) and the OpenShell binary
  7. Remove preserved user data under ~/.nemoclaw/ (rebuild-backups/, backups/, sandboxes.json) — only with --destroy-user-data

NOTE

~/.nemoclaw/ user data is preserved by default and only removed in step 7 with --destroy-user-data. If you have a local clone at ~/.nemoclaw/source you want to keep, move or back it up before running the uninstaller with that flag.

Useful commands

CommandDescription
nemoclaw my-assistant connectShell into the sandbox
nemoclaw my-assistant statusShow sandbox status and inference config
nemoclaw my-assistant logs --followStream sandbox logs in real time
nemoclaw listList all registered sandboxes
nemoclaw tunnel startStart cloudflared tunnel (public URL for remote Web UI access)
nemoclaw tunnel stopStop the cloudflared tunnel
nemoclaw my-assistant dashboard-url --quietPrint the full tokenized Web UI URL (includes auto-assigned port)
openshell termOpen the monitoring TUI on the host
openshell forward listList active port forwards
nemoclaw uninstall --yesRemove NemoClaw (preserves Docker, Node.js, vLLM image)
nemoclaw uninstall --yes --delete-modelsRemove NemoClaw and downloaded Ollama models

Resources

  • NemoClaw
  • NemoClaw Documentation
  • OpenClaw Documentation
  • DGX Spark Documentation
  • DGX Spark Forum