NemoClaw security row
NemoClaw was touted at GTC as an open-source GPU sandbox for production agents and pitched as enterprise-ready in multiple recaps (x.com) (hyperight.com). Security researcher Zack Korman, however, publicly called its security claims unverified and the sandbox "broken", while other developers say it is easy to deploy. The result is a messy split between hype and risk (x.com) (x.com).
NVIDIA published the NemoClaw announcement on March 16, 2026, saying the stack "installs in a single command" and bundles OpenShell and Nemotron components for on-prem and cloud deployments. (investor.nvidia.com) The NemoClaw GitHub repository has drawn over 15k stars and roughly 1.6k forks, with hundreds of commits and active development since the GTC launch. (github.com) Its issue tracker holds dozens of open reports, including security-tagged items filed by community users within days of the release. (github.com)

Official docs and several community how-to guides advertise a one-command CLI "onboard" flow and quick sandbox launches, and some developers have posted that they deployed a NemoClaw sandbox locally in minutes. (docs.nvidia.com) (nemoclaw.run) (x.com)

Security researcher Zack Korman posted publicly that NemoClaw was "broken" and that its security claims had not been verified. (x.com) Korman has previously published vulnerability findings and public disclosures on enterprise AI tooling. (pistachioapp.com)

The issue tracker records concrete failures that users have reproduced: NVIDIA API keys written to system logs (issue #429), sandbox egress proxies that terminate WebSocket connections and so break Discord and other plugins (issue #409), and onboarding operations that cannot be resumed after an interruption (issue #446). (github.com) The first of these is a credential leak, not a cosmetic bug: a key logged in plaintext is readable by anyone who can read or collect those logs.

NVIDIA and contributors have already merged security fixes and CI changes in the repo, including a recent change that validates endpoint URLs to mitigate SSRF, while an open RFC on "governance patterns for behavioral control inside the OpenShell sandbox" (#442) shows active debate over behavioral and trust controls versus technical isolation. (github.com 1) (github.com 2) Validating a URL once, at configuration time, does not on its own defeat DNS rebinding or every internal-address encoding, so the scope of that fix is worth checking before relying on it.
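The merged fix above is described only as "validate endpoint URLs to mitigate SSRF". As an added example, not NemoClaw's, OpenShell's or NVIDIA's code, the following Python validator shows the checks such a gate needs: an allowlist of schemes and ports, rejection of embedded credentials, and a check that every address a hostname resolves to is publicly routable (loopback, RFC 1918, the 169.254.169.254 metadata range and friends are all refused). The allowlist policy, the `EndpointRejected` error type and the DNS table are assumptions made for the demonstration; the table is constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical outbound-endpoint policy for an agent sandbox. This is an
# illustrative allowlist, not NemoClaw's or OpenShell's actual rules.
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}


class EndpointRejected(ValueError):
    """Raised when an endpoint URL fails the SSRF checks (assumed name)."""


def is_public_address(ip_text):
    """True only for a routable public address. Loopback, RFC 1918, link-local
    (169.254.169.254 lives here), multicast, reserved and unspecified addresses
    are exactly what an SSRF payload wants, so all are rejected."""
    addr = ipaddress.ip_address(ip_text)
    return not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def resolve_all(host):
    """Real resolver: every address the name maps to. A name that resolves to
    one public and one internal address must fail, so checking only the first
    record is not enough."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror as exc:
        raise EndpointRejected(f"cannot resolve {host!r}: {exc}") from exc
    return sorted({info[4][0] for info in infos})


def validate_endpoint(url, resolver=resolve_all):
    """Validate an operator-supplied endpoint URL. Returns (host, port, vetted
    addresses) so the caller can connect to an address it has already checked
    instead of resolving the name again, which is where DNS rebinding bites."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise EndpointRejected(f"scheme {parsed.scheme!r} not allowed")
    if parsed.username is not None or parsed.password is not None:
        raise EndpointRejected("credentials embedded in URL")
    host = parsed.hostname  # lowercased; IPv6 brackets already stripped
    if not host:
        raise EndpointRejected("missing host")
    try:
        port = parsed.port  # raises ValueError for non-numeric/out-of-range
    except ValueError as exc:
        raise EndpointRejected(f"bad port: {exc}") from exc
    port = 443 if port is None else port
    if port not in ALLOWED_PORTS:
        raise EndpointRejected(f"port {port} not allowed")

    # IP literals (IPv4 or IPv6) are checked directly; names are resolved and
    # every returned address must be public.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        raise EndpointRejected(f"{host!r} resolved to nothing")
    for ip_text in addresses:
        if not is_public_address(ip_text):
            raise EndpointRejected(f"{host!r} maps to non-public {ip_text}")
    return host, port, list(addresses)


def is_allowed(url, resolver=resolve_all):
    """Boolean wrapper for callers that only want a verdict."""
    try:
        validate_endpoint(url, resolver)
        return True
    except EndpointRejected:
        return False


# Constructed DNS table so the example runs offline. Names and addresses are
# made up for this demonstration.
CONSTRUCTED_DNS = {
    "api.example.com": ["93.184.216.34"],
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],  # public + internal
    "metadata.internal": ["169.254.169.254"],               # cloud metadata
}


def constructed_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise EndpointRejected(f"cannot resolve {host!r}")
    return CONSTRUCTED_DNS[host]


if __name__ == "__main__":
    for candidate in (
        "https://api.example.com/v1/chat",
        "http://api.example.com/v1/chat",
        "https://rebind.example.net/",
        "https://metadata.internal/latest/meta-data/",
        "https://[::1]/",
        "https://user:secret@api.example.com/",
        "https://api.example.com:8080/",
    ):
        verdict = "ALLOW" if is_allowed(candidate, constructed_resolver) else "REJECT"
        print(f"{verdict:6} {candidate}")
```

The value the validator returns is the point of the design: a client that validates the name and then lets its HTTP library resolve it again gives an attacker a second lookup to answer with an internal address. Connecting to the vetted address (and sending the original hostname in SNI and the Host header) closes that window; a check that only returns true or false does not.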