🗂 Source Map
- nemoclaw/src/commands/index.ts, lines 1-35
- nemoclaw/src/blueprint/resolver.ts, lines 10-55
- nemoclaw/src/blueprint/ssrf.ts, lines 1-30
- nemoclaw-blueprint/openclaw-sandbox.yaml, lines 1-25
Repository: NVIDIA/NemoClaw @ main
Getting Started
Install NemoClaw with a single command (requires Ubuntu 22.04+, Node.js 22.16+, Docker, 8 GB+ RAM). The installer is a remote script piped straight into bash; if you want to review what it does first, download it to a file and read it before running it:
Bash
# Install NemoClaw
curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash
# Run the interactive onboarding wizard
nemoclaw onboard
# Connect to your sandboxed agent
nemoclaw my-assistant connect
# Check sandbox health
nemoclaw my-assistant status
# Stream logs in real time
nemoclaw my-assistant logs --follow
# Open the monitoring terminal UI
openclaw tui
Source Code Walkthrough
CLI Command Registration
The plugin uses Commander.js to register subcommands, and each command delegates to a focused module. Commander reads the command word as the first token of a `.command()` spec, so a spec such as `'<name> connect'` is not valid Commander syntax; the sandbox name has to be declared as an argument (`connect <name>`), and the name-first form used in Getting Started (`nemoclaw my-assistant connect`) needs the arguments rotated before parsing.
import { Command } from 'commander';
import { onboard } from '../onboard/wizard';
import { connectSandbox } from './connect';
import { getSandboxStatus } from './status';

export function registerCommands(program: Command): void {
  program
    .command('onboard')
    .description('Set up a new NemoClaw sandbox')
    .action(onboard);
  // Commander takes the command word first, so '<name> connect' cannot be
  // registered as written; the sandbox name is declared as an argument and
  // the action receives it as its first parameter. The name-first CLI surface
  // (`nemoclaw my-assistant connect`) needs an argv rotation before parse(),
  // which this excerpt does not show.
  program
    .command('connect <name>')
    .description('Connect to a running sandbox')
    .action(connectSandbox);
  program
    .command('status <name>')
    .description('Check sandbox health')
    .action(getSandboxStatus);
}
Blueprint Resolution & Verification
The resolver downloads blueprints from the registry and checks the SHA-256 digest of the downloaded bytes before anything in the blueprint is executed. This defeats tampering in transit or in the registry only if the expected digest comes from a source the plugin already trusts (a pinned value or a signed manifest), not from the same untrusted download; and the bytes that were hashed must be the bytes that get executed, so the caller should not re-read the path after the check.
import { createHash } from 'crypto';
import { readFile } from 'fs/promises';

// Registry metadata for one blueprint release. `digest` is the hex SHA-256
// the downloaded archive is checked against; `minPluginVersion` is the oldest
// plugin version the blueprint supports.
interface BlueprintManifest {
  version: string;
  digest: string;
  minPluginVersion: string;
}

// Throws on mismatch so a caller cannot silently ignore a failed check.
// The expected digest is normalised to lower-case hex before comparison.
export async function verifyBlueprint(
  path: string,
  expectedDigest: string
): Promise<boolean> {
  const content = await readFile(path);
  const actualDigest = createHash('sha256')
    .update(content)
    .digest('hex');
  if (actualDigest !== expectedDigest.trim().toLowerCase()) {
    throw new Error(
      'Blueprint digest mismatch -- possible tampering'
    );
  }
  return true;
}
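The same check carried one step further, as an added example that is not the project's own code: the digest is verified on a buffer and that exact buffer is handed back for execution, the manifest's `minPluginVersion` is enforced, and the expected digest is normalised (case, whitespace, an optional `sha256:` prefix) before a constant-time comparison. The `BlueprintManifest` field names are the ones shown above; `loadVerifiedBlueprint`, `compareVersions`, the plain dotted-version comparison, and the sample blueprint bytes and manifest are assumptions made for this example (in production the manifest comes from a trusted registry index, and a real implementation would use a semver library).

```typescript
import { createHash, timingSafeEqual } from 'crypto';

// Registry metadata, field names as in the walkthrough's BlueprintManifest.
export interface BlueprintManifest {
  version: string;
  digest: string;           // hex SHA-256 of the blueprint bytes
  minPluginVersion: string; // oldest plugin version this blueprint supports
}

export interface VerifiedBlueprint {
  version: string;
  bytes: Buffer; // the exact bytes that were hashed; execute these, not a re-read of the path
}

export function sha256Hex(data: Buffer): string {
  return createHash('sha256').update(data).digest('hex');
}

// Compare dotted numeric versions ("0.3.1"); returns <0, 0 or >0.
// Assumed format for this example; a real plugin would use a semver library.
export function compareVersions(a: string, b: string): number {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Verify `bytes` against a manifest obtained from a trusted channel and return
// the same buffer for execution. Throws on every failure so a caller cannot
// accidentally ignore a false return value.
export function loadVerifiedBlueprint(
  bytes: Buffer,
  manifest: BlueprintManifest,
  pluginVersion: string
): VerifiedBlueprint {
  const expected = manifest.digest.trim().toLowerCase().replace(/^sha256:/, '');
  if (!/^[0-9a-f]{64}$/.test(expected)) {
    throw new Error('manifest digest is not a hex-encoded SHA-256');
  }
  const actual = sha256Hex(bytes);
  // Both buffers are 32 bytes (the regex above guarantees it), which
  // timingSafeEqual requires.
  if (!timingSafeEqual(Buffer.from(actual, 'hex'), Buffer.from(expected, 'hex'))) {
    throw new Error(
      `Blueprint digest mismatch -- possible tampering (expected ${expected}, got ${actual})`
    );
  }
  if (compareVersions(pluginVersion, manifest.minPluginVersion) < 0) {
    throw new Error(
      `Blueprint ${manifest.version} needs plugin >= ${manifest.minPluginVersion}, have ${pluginVersion}`
    );
  }
  return { version: manifest.version, bytes };
}

// Constructed sample input: blueprint bytes and a manifest pinning their digest.
// The digest is computed here only to build the sample; a real manifest is
// fetched from the trusted registry index, never derived from the download.
export const SAMPLE_BLUEPRINT = Buffer.from(
  'apiVersion: openshell.nvidia.com/v1alpha1\nkind: SandboxPolicy\n'
);
export const SAMPLE_MANIFEST: BlueprintManifest = {
  version: '0.3.1',
  digest: sha256Hex(SAMPLE_BLUEPRINT),
  minPluginVersion: '0.3.0',
};
```

Because the function returns the buffer it hashed, the executor works on bytes that can no longer be swapped underneath it; a `verify(path)` followed by a separate `read(path)` leaves a window in which the file can change between the check and the use.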
SSRF Validation
Prevents the agent from tricking NemoClaw into fetching URLs that point at internal network addresses (server-side request forgery): the hostname is resolved and rejected if it lands in a blocked range. Two caveats a reviewer should keep in mind: the range list shown is IPv4-only, so a complete check also needs IPv6 loopback, link-local and unique-local ranges plus IPv4-mapped IPv6 forms such as `::ffff:127.0.0.1`; and a hostname that passes here can resolve differently when the request is actually made (DNS rebinding), so the address that passed the check should be the one the HTTP client connects to, and each redirect hop needs the same check.
import { lookup } from 'dns/promises';
import { BlockList, isIP } from 'net';

const BLOCKED_RANGES = [
  '127.0.0.0/8',    // loopback
  '10.0.0.0/8',     // RFC 1918 private
  '172.16.0.0/12',  // RFC 1918 private
  '192.168.0.0/16', // RFC 1918 private
  '169.254.0.0/16', // link-local, includes cloud metadata endpoints
];

// net.BlockList does the CIDR matching; this list is IPv4-only.
const blockList = new BlockList();
for (const cidr of BLOCKED_RANGES) {
  const [network, bits] = cidr.split('/');
  blockList.addSubnet(network, Number(bits), 'ipv4');
}

// Async because DNS resolution is async in Node. Unparsable input fails
// closed, and every resolved address is checked, not only the first one.
export async function validateUrl(rawUrl: string): Promise<boolean> {
  let parsed: URL;
  try {
    parsed = new URL(rawUrl);
  } catch {
    return false;
  }
  if (!['http:', 'https:'].includes(parsed.protocol)) {
    return false;
  }
  const addrs = isIP(parsed.hostname)
    ? [parsed.hostname]
    : (await lookup(parsed.hostname, { all: true })).map((r) => r.address);
  return addrs.length > 0 && addrs.every((ip) => !blockList.check(ip, 'ipv4'));
}
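A hardened form of the same check, as an added example that is not the project's own code. It extends the range list above to IPv6 and to the IPv4 ranges a complete list also needs (0.0.0.0/8, CGNAT, multicast, reserved), unwraps IPv4-mapped IPv6 addresses in both the dotted and the hex form so they cannot slip past IPv4 rules, fails closed on unparsable or unresolvable input, rejects a name if any of its answers is blocked, and returns the vetted address so the caller can pin the connection to it. The resolver is injected so the decision logic can be exercised offline with constructed DNS answers; `evaluateUrl`, `checkUrl`, `canonicalIp`, `isBlockedAddress` and the sample hostnames are assumptions made for this example.

```typescript
import { lookup } from 'dns/promises';
import { BlockList, isIP } from 'net';

export type Resolver = (hostname: string) => string[];
export interface Verdict { allowed: boolean; pinned?: string; reason?: string }

// Block list for this example: the page's five IPv4 ranges plus the ranges a
// complete SSRF check also needs, for both address families.
const V4: Array<[string, number]> = [
  ['0.0.0.0', 8],       // "this" network
  ['10.0.0.0', 8],      // RFC 1918
  ['100.64.0.0', 10],   // shared address space (CGNAT)
  ['127.0.0.0', 8],     // loopback
  ['169.254.0.0', 16],  // link-local, includes 169.254.169.254 metadata
  ['172.16.0.0', 12],   // RFC 1918
  ['192.168.0.0', 16],  // RFC 1918
  ['224.0.0.0', 4],     // multicast
  ['240.0.0.0', 4],     // reserved, includes broadcast
];
const V6: Array<[string, number]> = [
  ['::', 128],    // unspecified
  ['::1', 128],   // loopback
  ['fc00::', 7],  // unique local
  ['fe80::', 10], // link-local
  ['ff00::', 8],  // multicast
];
const blocked = new BlockList();
for (const [network, bits] of V4) blocked.addSubnet(network, bits, 'ipv4');
for (const [network, bits] of V6) blocked.addSubnet(network, bits, 'ipv6');

// Canonical form of an address: strip URL brackets and unwrap IPv4-mapped IPv6
// (`::ffff:127.0.0.1` and the hex form `::ffff:7f00:1` the URL parser emits)
// so the IPv4 rules apply. Returns null for anything that is not an address.
export function canonicalIp(addr: string): string | null {
  const bare = addr.replace(/^\[|\]$/g, '').toLowerCase();
  const dotted = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(bare);
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(bare);
  let ip = bare;
  if (dotted) {
    ip = dotted[1];
  } else if (hex) {
    const hi = parseInt(hex[1], 16);
    const lo = parseInt(hex[2], 16);
    ip = `${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`;
  }
  return isIP(ip) ? ip : null;
}

export function isBlockedAddress(addr: string): boolean {
  const ip = canonicalIp(addr);
  if (ip === null) return true; // unparsable fails closed
  return blocked.check(ip, isIP(ip) === 6 ? 'ipv6' : 'ipv4');
}

// Decide once, over every address the resolver returned, and hand back the
// address to connect to so the request cannot be re-resolved to something else.
export function evaluateUrl(rawUrl: string, resolve: Resolver): Verdict {
  let parsed: URL;
  try {
    parsed = new URL(rawUrl); // also normalises literals such as 2130706433
  } catch {
    return { allowed: false, reason: 'unparsable URL' };
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return { allowed: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  const host = parsed.hostname.replace(/^\[|\]$/g, '');
  const candidates = isIP(host) ? [host] : resolve(host);
  if (candidates.length === 0) return { allowed: false, reason: 'hostname did not resolve' };
  for (const c of candidates) {
    if (isBlockedAddress(c)) return { allowed: false, reason: `${c} is in a blocked range` };
  }
  return { allowed: true, pinned: canonicalIp(candidates[0]) as string };
}

// Production wrapper: resolve with the system resolver, then evaluate. Hand
// `verdict.pinned` to the HTTP client (for example via the `lookup` option of
// http.request) so the connection goes to the vetted address, and run the same
// check on every redirect target.
export async function checkUrl(rawUrl: string): Promise<Verdict> {
  let addrs: string[] = [];
  try {
    const host = new URL(rawUrl).hostname.replace(/^\[|\]$/g, '');
    if (!isIP(host)) addrs = (await lookup(host, { all: true })).map((r) => r.address);
  } catch {
    // parse or resolution failure: the empty list below fails closed
  }
  return evaluateUrl(rawUrl, () => addrs);
}
```

Rejecting a name when any one of its answers is private matters because a rebinding server can interleave a public and a private record; checking only the first answer lets the client's own retry land on the private one.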
Sandbox Network Policy
The declarative policy is a Kubernetes-style YAML resource: egress is deny-by-default with an explicit host and port allowlist, writable paths are limited to /sandbox and /tmp with system directories read-only, and the sandboxed process drops all capabilities under a restricted seccomp profile.
apiVersion: openshell.nvidia.com/v1alpha1
kind: SandboxPolicy
metadata:
  name: openclaw-baseline
spec:
  network:
    egress:
      default: deny
      allowlist:
        - host: "api.nvidia.com"
          ports: [443]
        - host: "*.openai.com"
          ports: [443]
  filesystem:
    readWrite:
      - /sandbox
      - /tmp
    readOnly:
      - /usr
      - /lib
  process:
    capabilities:
      drop: [ALL]
    seccomp: restricted
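The decision an enforcement point has to make for each outbound connection under this policy, as an added example that is not the project's own enforcement code: the baseline policy above transcribed to a TypeScript literal, a label-wise wildcard matcher, and the allow/deny decision with the default applied only when no rule matches. The page does not say how NemoClaw interprets `*`; this example assumes it matches exactly one leftmost label, as TLS certificate wildcards do, which is the conservative reading (`*.openai.com` matches `api.openai.com` but not `openai.com`, `a.b.openai.com`, `evil-openai.com` or `api.openai.com.evil.example`). `egressAllowed`, `hostMatches` and the type names are assumptions made for this example.

```typescript
export interface EgressRule { host: string; ports: number[] }
export interface EgressPolicy { default: 'deny' | 'allow'; allowlist: EgressRule[] }

// The spec.network.egress section of openclaw-baseline, as a literal.
export const BASELINE: EgressPolicy = {
  default: 'deny',
  allowlist: [
    { host: 'api.nvidia.com', ports: [443] },
    { host: '*.openai.com', ports: [443] },
  ],
};

// Lower-case and strip one trailing dot, so `API.OpenAI.com.` and
// `api.openai.com` are the same name.
function canonicalHost(h: string): string {
  return h.toLowerCase().replace(/\.$/, '');
}

// Label-wise match. `*` is honoured only as the whole leftmost label and
// matches exactly one non-empty label (assumed semantics, see the lead-in);
// anywhere else it is a literal character and will not match a real name.
// Requiring equal label counts is what rules out suffix tricks such as
// `api.openai.com.evil.example` and prefix tricks such as `evil-openai.com`.
export function hostMatches(pattern: string, host: string): boolean {
  const p = canonicalHost(pattern).split('.');
  const h = canonicalHost(host).split('.');
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    label === '*' && i === 0 ? h[i].length > 0 : label === h[i]
  );
}

// A rule must match both host and port; otherwise the policy default applies.
export function egressAllowed(policy: EgressPolicy, host: string, port: number): boolean {
  const hit = policy.allowlist.some(
    (rule) => hostMatches(rule.host, host) && rule.ports.includes(port)
  );
  return hit || policy.default === 'allow';
}
```

Note that a hostname allowlist is only meaningful if the enforcement point sees the name (a DNS or proxy layer in front of the sandbox); a raw IP egress, such as `169.254.169.254`, matches no rule and is denied by the default.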
Design decisions: the plugin is written in TypeScript because it runs in-process with the Node.js OpenClaw gateway; the blueprint is written in Python for its better subprocess management and Docker interaction; and the two ship on separate release cycles, so a security patch to the sandbox blueprint does not require a CLI change.