NemoClaw
AI 代理,安全为先。NVIDIA 出品。
一条命令,部署完整的 AI 代理安全栈。OpenShell 内核沙箱 + Nemotron 本地推理 + Privacy Router——为 OpenClaw 代理提供企业级安全。
快速开始
curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash 自动安装 Node.js、OpenShell 运行时和 NemoClaw CLI,安装完成后自动运行 nemoclaw onboard。
核心能力
OpenShell 安全沙箱
内核级 AI 代理隔离。策略驱动的沙箱环境,文件系统、网络、进程三个维度精细管控。
Privacy Router
本地 Nemotron 和云端模型之间智能切换。敏感数据不出设备,安全的请求才走云端。
Nemotron 本地推理
本地跑 Nemotron 3 Super 120B MoE。零 token 开销、零数据泄露,NVIDIA GPU 上完全离线。
网络策略引擎
出站流量默认全拒。每个外部连接都要运维批准,所有网络行为完整记录在审计日志里。
跨平台部署
GeForce RTX、RTX PRO、DGX Station、DGX Spark 都能跑。从开发工位到企业数据中心,全覆盖。
一键安装
一条命令把 OpenShell、Nemotron、Privacy Router、NemoClaw CLI 全部就位。
最新动态
从 OpenClaw 到 NemoClaw:安全演进之路
OpenClaw 爆发式增长至 300,000+ GitHub 星标的过程中暴露了关键的企业安全缺口,最终促成了与 NVIDIA 的合作以及 NemoClaw 的诞生。Peter Steinberger 亲述这段历程。
NemoClaw 生态系统:合作伙伴共建未来
Adobe、Salesforce、SAP、Dell、Cisco 和 LangChain 正在基于 NemoClaw 进行构建。一览不断增长的集成生态、合作伙伴承诺以及开放代理安全平台的路线图。
NemoClaw 的企业应用场景
企业如何部署 NemoClaw 实现客户支持自动化、销售运营、安全运营和基础设施管理。包含安全策略示例的真实场景。
大家怎么说
"Default-deny networking was the killer feature for us. Every outbound request our agents make is logged and requires approval. Exactly what our compliance team needed."
@secops_maria"Ran 'nemoclaw onboard' and had a fully sandboxed agent environment in under 5 minutes. OpenShell isolation gives us confidence to deploy AI agents in production."
@devops_mike"The Privacy Router is genius. Customer PII never leaves our infrastructure — only safe, anonymized queries hit the cloud models. Zero code changes from our existing agents."
@ai_sarah"Showed the OpenShell audit logs to our SOC 2 auditor. First time they've seen AI agent activity tracked at this level of detail. Passed with flying colors."
@ciso_tom"Running Nemotron locally means zero token cost for internal queries. We cut our cloud AI spend by 70% while actually improving data privacy. Win-win."
@mleng_jenny"Deployed NemoClaw on DGX Spark and it just works. Auto-detected the hardware, configured optimal model settings. One command to production-ready AI security."
@platform_raj"Default-deny networking was the killer feature for us. Every outbound request our agents make is logged and requires approval. Exactly what our compliance team needed."
@secops_maria"Ran 'nemoclaw onboard' and had a fully sandboxed agent environment in under 5 minutes. OpenShell isolation gives us confidence to deploy AI agents in production."
@devops_mike"The Privacy Router is genius. Customer PII never leaves our infrastructure — only safe, anonymized queries hit the cloud models. Zero code changes from our existing agents."
@ai_sarah"Showed the OpenShell audit logs to our SOC 2 auditor. First time they've seen AI agent activity tracked at this level of detail. Passed with flying colors."
@ciso_tom"Running Nemotron locally means zero token cost for internal queries. We cut our cloud AI spend by 70% while actually improving data privacy. Win-win."
@mleng_jenny"Deployed NemoClaw on DGX Spark and it just works. Auto-detected the hardware, configured optimal model settings. One command to production-ready AI security."
@platform_raj"OpenShell's sandbox isolation caught a rogue agent trying to access /etc/passwd. In production. Without NemoClaw, that would have been a security incident."
@infra_alex"Blueprints make repeatable secure deployments trivial. Define once, deploy everywhere. Every new agent gets the same security posture automatically."
@devsec_lisa"The network policy engine is exactly what we needed. Our agents can only reach pre-approved APIs. Everything else is blocked by default. Simple and effective."
@security_emma"Migrated 30 OpenClaw agents to NemoClaw. Zero code changes — just wrapped them in OpenShell sandboxes. Now we have full audit trails for every agent action."
@cloud_chris"As a startup handling healthcare data, NemoClaw's Privacy Router was non-negotiable. Patient data stays on our GPUs, period. HIPAA compliance out of the box."
@startup_nina"The OpenShell TUI is addictive. Watching agent actions in real-time, seeing network requests get approved or blocked — it's like Wireshark for AI agents."
@backend_kai"OpenShell's sandbox isolation caught a rogue agent trying to access /etc/passwd. In production. Without NemoClaw, that would have been a security incident."
@infra_alex"Blueprints make repeatable secure deployments trivial. Define once, deploy everywhere. Every new agent gets the same security posture automatically."
@devsec_lisa"The network policy engine is exactly what we needed. Our agents can only reach pre-approved APIs. Everything else is blocked by default. Simple and effective."
@security_emma"Migrated 30 OpenClaw agents to NemoClaw. Zero code changes — just wrapped them in OpenShell sandboxes. Now we have full audit trails for every agent action."
@cloud_chris"As a startup handling healthcare data, NemoClaw's Privacy Router was non-negotiable. Patient data stays on our GPUs, period. HIPAA compliance out of the box."
@startup_nina"The OpenShell TUI is addictive. Watching agent actions in real-time, seeing network requests get approved or blocked — it's like Wireshark for AI agents."
@backend_kai