NemoClaw's install process is surprisingly smooth for alpha software. One curl command, a guided wizard, and you're running a sandboxed OpenClaw agent with privacy routing. Here's the full walkthrough.

You need Linux. Not macOS, not Windows, not WSL2. Actual Linux. NemoClaw uses kernel-level sandboxing through OpenShell, which requires Linux-specific syscalls.

Hardware minimums: 20 GB disk space, 8 GB RAM. If you plan to run Nemotron models locally for inference (which is the whole point of the privacy routing for sensitive data), you'll want more RAM. 16 GB is comfortable, 32 GB is better if you're running larger Nemotron variants.

One command:

curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash

Yes, it's a curl-pipe-bash. If that makes you uncomfortable (fair), download the script first and read it. The script checks if Node.js is installed and installs it if it's missing. Then it pulls down three things:

After downloading, it launches the onboard wizard.

The wizard walks you through four steps:

Sandbox configuration. It creates the OpenShell sandbox and asks which directories the agent should be able to access. Default is just the workspace directory. I'd keep it tight. You can always expand access later.

Inference setup. This is where you pick your LLM. You can point it at a cloud provider (Anthropic, OpenAI, etc.) or use a local Nemotron model. If you pick a cloud provider, the Privacy Router will sit between the agent and the API, classifying queries and stripping PII from anything sensitive before it leaves your machine.

Security policies. Network is default-deny. The wizard asks if you want to whitelist any outbound destinations. API endpoints for your LLM provider get whitelisted automatically. Everything else is blocked unless you add it.

Operator approval rules. You can configure which actions need human approval before execution. File writes outside the workspace, network requests to new domains, shell commands with elevated permissions. I'd turn all of these on initially.

When the wizard finishes, it prints a summary showing your sandbox status, which model you're using, and the management commands. Something like:

NemoClaw ready
  Sandbox:   active (OpenShell v0.4.2)
  Model:     nemotron-local (4B)
  Privacy:   router active, PII stripping on
  Network:   default-deny, 2 whitelisted

Commands:
  nemoclaw status    - show current config
  nemoclaw logs      - tail agent logs
  nemoclaw policy    - edit security policies
  nemoclaw shell     - open agent shell

The Privacy Router is doing more than just PII stripping. It classifies each outbound query by sensitivity level. High-sensitivity queries (anything touching personal data, credentials, financial info) get routed to the local Nemotron model and never leave your machine. Medium-sensitivity queries get PII-stripped and then sent to your cloud LLM. Low-sensitivity queries go straight through.

This classification isn't perfect. It's a heuristic, and in alpha it's conservative. It will sometimes route things locally that could safely go to the cloud, which means slower responses for those queries. I'd rather have false positives than false negatives here, so that's fine by me.

This is alpha software. The APIs can and will break between releases. Do not use this in production. Use it to learn the setup, evaluate the security model, and be ready to deploy for real once it stabilizes.