NVIDIA
Explore
Models
Blueprints
GPUs
Docs
⌘KCtrl+K
View All Playbooks
View All Playbooks

onboarding

  • Set Up Local Network Access
  • Open WebUI with Ollama

data science

  • Single-cell RNA Sequencing
  • Portfolio Optimization
  • CUDA-X Data Science
  • Text to Knowledge Graph
  • Optimized JAX

tools

  • DGX Dashboard
  • Comfy UI
  • Connect Three DGX Spark in a Ring Topology
  • Connect Multiple DGX Spark through a Switch
  • RAG Application in AI Workbench
  • Set up Tailscale on Your Spark
  • VS Code

fine tuning

  • FLUX.1 Dreambooth LoRA Fine-tuning
  • LLaMA Factory
  • Fine-tune with NeMo
  • Fine-tune with Pytorch
  • Unsloth on DGX Spark

use case

  • NemoClaw with Nemotron 3 Super and Telegram on DGX Spark
  • Secure Long Running AI Agents with OpenShell on DGX Spark
  • OpenClaw 🦞
  • Live VLM WebUI
  • Install and Use Isaac Sim and Isaac Lab
  • Vibe Coding in VS Code
  • Build and Deploy a Multi-Agent Chatbot
  • Connect Two Sparks
  • NCCL for Two Sparks
  • Build a Video Search and Summarization (VSS) Agent
  • Spark & Reachy Photo Booth

inference

  • Speculative Decoding
  • Run models with llama.cpp on DGX Spark
  • vLLM for Inference
  • Nemotron-3-Nano with llama.cpp
  • SGLang for Inference
  • TRT LLM for Inference
  • NVFP4 Quantization
  • Multi-modal Inference
  • NIM on Spark
  • LM Studio on DGX Spark

Secure Long Running AI Agents with OpenShell on DGX Spark

30 MINS

Run OpenClaw with local models in an NVIDIA OpenShell sandbox on DGX Spark

AI AgentDGXOpenShellSecuritySpark
OpenShell on GitHub
OverviewOverviewInstructionsInstructionsTroubleshootingTroubleshooting

Basic idea

OpenClaw is a local-first AI agent that runs on your machine, combining memory, file access, tool use, and community skills into a persistent assistant. Running it directly on your system means the agent can access your files, credentials, and network—creating real security risks.

NVIDIA OpenShell solves this problem. It is an open-source sandbox runtime that wraps the agent in kernel-level isolation with declarative YAML policies. OpenShell controls what the agent can read on disk, which network endpoints it can reach, and what privileges it has—without disabling the capabilities that make the agent useful.

By combining OpenClaw with OpenShell on DGX Spark, you get the full power of a local AI agent backed by 128GB of unified memory for large models, while enforcing explicit controls over filesystem access, network egress, and credential handling.

Notice & Disclaimers

Quick Start Safety Check

Use a clean environment only. Run this playbook on a fresh device or VM with no personal data, confidential information, or sensitive credentials. Think of it like a sandbox—keep it isolated.

By installing this playbook, you're taking responsibility for all third-party components, including reviewing their licenses, terms, and security posture. Read and accept before you install or use.

What You're Getting

The playbook showcases experimental AI agent capabilities. Even with cutting-edge open-source tools like OpenShell in your toolkit, you need to layer in proper security measures for your specific threat model.

Key Risks with AI Agents

Be mindful of these risks with AI agents:

  1. Data leakage – Any materials the agent accesses could be exposed, leaked, or stolen.

  2. Malicious code execution – The agent or its connected tools could expose your system to malicious code or cyber-attacks.

  3. Unintended actions – The agent might modify or delete files, send messages, or access services without explicit approval.

  4. Prompt injection & manipulation – External inputs or connected content could hijack the agent's behavior in unexpected ways.

Security Best Practices

No system is perfect, but these practices help keep your information and systems safe.

  1. Isolate your environment – Run on a clean PC or isolated virtual machine. Only provision the specific data you want the agent to access.

  2. Never use real accounts – Don't connect personal, confidential, or production accounts. Create dedicated test accounts with minimal permissions.

  3. Vet your skills/plugins – Only enable skills from trusted sources that have been vetted by the community.

  4. Lock down access – Ensure your OpenClaw UI or messaging channels aren't accessible over the network without proper authentication.

  5. Restrict network access – Where feasible, limit the agent's internet connectivity.

  6. Clean up after yourself – When you're done, remove OpenClaw and revoke all credentials, API keys, and account access you granted.

What you'll accomplish

You will install the OpenShell CLI (openshell), deploy a gateway on your DGX Spark, and launch OpenClaw inside a sandboxed environment using the pre-built OpenClaw community sandbox. The sandbox enforces filesystem, network, and process isolation by default. You will also configure local inference routing so OpenClaw uses a model running on your Spark without needing external API keys.

Popular use cases

  • Secure agent experimentation: Test OpenClaw skills and integrations without exposing your main filesystem or credentials to the agent.
  • Private enterprise development: Route all inference to a local model on DGX Spark. No data leaves the machine unless you explicitly allow it in the policy.
  • Auditable agent access: Version-control the policy YAML alongside your project. Review exactly what the agent can reach before granting access.
  • Iterative policy tuning: Monitor denied connections in real time with openshell term, then hot-reload updated policies without recreating the sandbox.

What to know before starting

  • Comfort with the Linux terminal and SSH
  • Basic understanding of Docker (OpenShell runs a k3s cluster inside Docker)
  • Familiarity with Ollama for local model serving
  • Awareness of the security model: OpenShell reduces risk through isolation but cannot eliminate all risk. Review the OpenShell documentation and OpenClaw security guidance.

Prerequisites

Hardware Requirements:

  • NVIDIA DGX Spark with 128GB unified memory
  • At least 70GB available memory for a large local model (e.g., gpt-oss:120b at ~65GB plus overhead), or 25GB+ for a smaller model (e.g., gpt-oss-20b)

Software Requirements:

  • NVIDIA DGX OS (Ubuntu 24.04 base)
  • Docker Desktop or Docker Engine running: docker info
  • Python 3.12 or later: python3 --version
  • uv package manager: uv --version (install with curl -LsSf https://astral.sh/uv/install.sh | sh)
  • Ollama 0.17.0 or newer (latest recommended for gpt-oss MXFP4 support): ollama --version
  • Network access to download Python packages from PyPI and model weights from Ollama
  • Have NVIDIA Sync installed and configured for your DGX Spark

Time & risk

  • Estimated time: 20–30 minutes (plus model download time, which depends on model size and network speed).

CAUTION

Risk level: Medium

  • OpenShell sandboxes enforce kernel-level isolation, significantly reducing the risk compared to running OpenClaw directly on the host.
  • The sandbox default policy denies all outbound traffic not explicitly allowed. Misconfigured policies may block legitimate agent traffic; use openshell logs to diagnose.
  • Large model downloads may fail on unstable networks.
  • Rollback: Delete the sandbox with openshell sandbox delete <sandbox-name>, stop the gateway with openshell gateway stop, and optionally destroy it with openshell gateway destroy. Ollama models can be removed with ollama rm <model>.
  • Last Updated: 03/13/2026

Resources

  • NVIDIA OpenShell Documentation
  • OpenShell PyPI
  • OpenClaw Documentation
  • OpenClaw Gateway Security
  • DGX Spark Documentation
  • DGX Spark Forum
Terms of Use
Privacy Policy
Your Privacy Choices
Contact

Copyright © 2026 NVIDIA Corporation