Secure local agents from NVIDIA

AI agents are software that can read files, call tools, and keep working after you stop typing. NVIDIA published a guide on April 17 showing how to run that kind of agent locally with OpenClaw and NemoClaw instead of sending the work to a public cloud. (developer.nvidia.com) The setup NVIDIA describes uses OpenClaw as the assistant and NemoClaw as the wrapper that installs, configures, and manages it. NemoClaw runs OpenClaw inside NVIDIA OpenShell containers, which apply filesystem and network rules before the agent starts. (docs.nvidia.com) NVIDIA’s walkthrough targets DGX Spark hardware and connects the agent to Telegram so it can stay reachable from a phone or desktop chat client. The company says the stack serves the model locally, keeps execution on the device, and asks for approval when the agent wants outside access. (developer.nvidia.com) The basic problem is that persistent agents can do more than answer questions. NVIDIA’s docs say an unattended agent can make arbitrary network requests, access host files, and call inference endpoints unless the runtime blocks those actions by default. (docs.nvidia.com) NemoClaw’s answer is a policy layer around the agent. NVIDIA says the stack adds guided onboarding, versioned blueprints, egress controls for outbound connections, and routed inference so credentials stay on the host while the agent uses an internal gateway from inside the sandbox. (docs.nvidia.com) Under the hood, NVIDIA says OpenShell sits between the agent and the machine it runs on. The company describes that runtime as out-of-process policy enforcement with sandboxed execution, granular permissions, and a privacy router for model traffic. (developer.nvidia.com) OpenClaw itself is not NVIDIA software. The open-source project describes it as a personal AI assistant that runs on a user’s own devices and connects to messaging platforms including Telegram, Slack, Discord, Signal, Microsoft Teams, Matrix, and WhatsApp. (github.com) NVIDIA is also explicit that NemoClaw is early software. Its docs and GitHub repository say the project has been available in early preview since March 16, 2026, is in alpha, and is “not production-ready,” with interfaces and behavior still subject to change. (docs.nvidia.com, github.com) That caveat fits the pitch. NVIDIA is not presenting a finished consumer product; it is publishing a reference stack for developers who want an always-on local agent with tighter controls over what it can read, where it can connect, and when it can act. (docs.nvidia.com, developer.nvidia.com)