Nemoclaw Setup

What Is Nemoclaw Setup?

Nemoclaw Setup is a Claude Code skill designed to automate the installation and configuration of NVIDIA NemoClaw, a sandboxed AI agent platform. Built on top of OpenClaw, NemoClaw leverages advanced container isolation technologies such as Landlock, seccomp, and Linux network namespaces.

The Nemoclaw Setup skill streamlines complex workflows, including Docker configuration, OpenShell integration, cloudflared tunnel provisioning, and robust security practices, making it easier for developers to deploy AI agents in secure, reproducible environments. Nemoclaw provides a web-based UI and terminal CLI for interacting with AI agents powered by NVIDIA Nemotron models, with support for both local and cloud inference.

The setup process, automated by this skill, is compatible with Linux systems (Ubuntu 22.04+ recommended) and is intended to work seamlessly in development scenarios, including on NVIDIA DGX servers and cloud platforms like Spark.

Why Use Nemoclaw Setup?

Deploying modern sandboxed AI agents is a non-trivial task, especially when strict isolation, GPU acceleration, and secure remote access are required. Manual setup often involves configuring Docker containers with advanced security profiles, resolving cgroup compatibility issues, setting up cloudflared tunnels for remote access, and dealing with various OS and dependency mismatches.

The Nemoclaw Setup skill abstracts away these complexities, providing a deterministic, automated workflow that ensures:

• Consistent, reproducible environments: Automated steps reduce human error and configuration drift.
• Security best practices: Built-in support for Linux sandboxing and network isolation.
• Time savings: Eliminates the tedium of manual setup, letting you focus on agent development and experimentation.
• Remote access: Integrated Cloudflare Tunnel support for secure, authenticated remote sessions.
• GPU utilization: Native support for NVIDIA GPUs and Nemotron models when available. By leveraging this skill, developers can rapidly bootstrap secure, isolated AI agent environments with minimal manual intervention.

How to Get Started Before running

Nemoclaw Setup, ensure your system satisfies the following prerequisites: | Requirement | Check Command | Installation Command | |-------------------------|-----------------------------|-----------------------------------------------| | Linux (Ubuntu 22.04+) | uname -a | — | | Docker | docker ps | sudo apt install docker.io | | Node.js 20+ (22 recommended) | node --version | nvm install 22 | | NVIDIA GPU (optional) | nvidia-smi | — | | NVIDIA API key | — | https://build.nvidia.com/settings/api-keys |

Step 1:

Pre-flight Checks Open a terminal and verify your environment:

# Docker running? docker ps 2>/dev/null || echo "Docker not running or no access" 

# Node.js version node --version 

# NemoClaw or OpenShell installed? which nemoclaw && nemoclaw --version which openshell && openshell --version

Step 2:

Initiate Setup If using Claude Code, trigger the skill using one of its recognized phrases, such as:

• "install nemoclaw" - "setup nemoclaw" - "nvidia nemoclaw" - "openclaw setup" - "nemoclaw on spark" - "nemoclaw on dgx" The skill will automatically perform the necessary steps to install and configure NemoClaw, including:
• Downloading and extracting the NemoClaw bundle.
• Ensuring Docker and Node.js are available.
• Applying cgroup compatibility fixes for Docker, if necessary.
• Setting up OpenShell as the agent runtime environment.
• Establishing a secure Cloudflare Tunnel for remote access (optional).
• Creating a sandboxed environment with network and filesystem isolation.

Step 3:

Accessing the Platform Once the installation is complete, you can interact with NemoClaw via its web UI or terminal CLI. If Cloudflare Tunnel is enabled, a public URL for remote access will be displayed.

Key Features - Automated Installation:

End-to-end automation for deploying NemoClaw, including all dependencies and configuration steps.

• Advanced Sandboxing: Uses Landlock, seccomp, and network namespaces for comprehensive process and network isolation.
• Cloudflared Tunnel Integration: Seamless provisioning of secure remote access endpoints.
• Docker & k3s Support: Leverages lightweight Kubernetes (k3s) within Docker, enabling scalable, containerized AI agent deployment.
• NVIDIA GPU Acceleration: Detects and utilizes available GPUs for running Nemotron models locally.
• Bug Workarounds: Automatically detects and applies fixes for known issues with Docker cgroups and Linux kernel quirks.
• Multiple Trigger Phrases: Flexible invocation for different deployment scenarios (local workstation, cloud, DGX server).

Best Practices - Perform Pre-flight Checks:

Always verify Docker and Node.js are correctly installed and running before initiating setup.

• Use Official Images: Ensure Docker pulls the latest official images for NemoClaw and dependencies to avoid compatibility issues.
• Secure API Keys: Store your NVIDIA API key securely and avoid exposing it in shared environments.
• Isolate Environments: Deploy each agent in its own sandbox to minimize blast radius in case of compromise.
• Monitor Resource Usage: Use docker stats and nvidia-smi to track CPU, memory, and GPU usage of running agents.
• Regularly Update: Keep NemoClaw and all related components up to date to benefit from the latest features andsecurity patches.
• Automate Backups: Regularly back up configuration files and agent data, especially before major upgrades or changes.
• Review Logs: Periodically inspect Docker, NemoClaw, and Cloudflared logs for anomalies or unauthorized access attempts.

Important Notes

• Root Privileges: Some setup steps require root or sudo access, especially for Docker and network configuration. Ensure you have the necessary permissions.
• Compatibility: While Ubuntu 22.04+ is recommended, other Linux distributions may require additional troubleshooting. GPU features require compatible NVIDIA drivers and hardware.
• Cloudflare Tunnel: Enabling remote access via Cloudflare Tunnel exposes your environment to the internet. Always use strong authentication and restrict access where possible.
• API Key Security: Treat your NVIDIA API key as sensitive. Never commit it to version control or share it in public forums.
• Resource Limits: When deploying multiple agents, set appropriate CPU, memory, and GPU limits to prevent resource exhaustion.

By following these guidelines and leveraging the Nemoclaw Setup skill, you can confidently deploy secure, scalable AI agent environments with minimal friction. For advanced configuration or troubleshooting, consult the official NemoClaw and OpenClaw documentation.