> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://docs.nvidia.com/nemoclaw/llms.txt. > For full documentation content, see https://docs.nvidia.com/nemoclaw/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.nvidia.com/nemoclaw/_mcp/server. # CLI Commands Reference > Full CLI reference for slash commands and standalone NemoClaw commands. The `nemoclaw` CLI is the primary interface for managing NemoClaw sandboxes. It is installed automatically by the installer (`curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash`). For guidance on when to use `nemoclaw` versus the underlying `openshell` CLI, see [CLI Selection Guide](/reference/cli-selection-guide). ## `/nemoclaw` Slash Command The `/nemoclaw` slash command is available inside the OpenClaw chat interface for quick actions: | Subcommand | Description | | ------------------- | ----------------------------------------------------------------- | | `/nemoclaw` | Show slash-command help and host CLI pointers | | `/nemoclaw status` | Show sandbox and inference state | | `/nemoclaw onboard` | Show onboarding status and reconfiguration guidance | | `/nemoclaw eject` | Show rollback instructions for returning to the host installation | ## Standalone Host Commands The `nemoclaw` binary handles host-side operations that run outside the OpenClaw plugin context. ### `nemoclaw help`, `nemoclaw --help`, `nemoclaw -h` Show the top-level usage summary and command groups. Running `nemoclaw` with no arguments shows the same help output. ```console $ nemoclaw help ``` ### `nemoclaw --version`, `nemoclaw -v` Print the installed NemoClaw CLI version. ```console $ nemoclaw --version ``` ### `nemoclaw onboard` Run the interactive setup wizard (recommended for new installs). The wizard creates an OpenShell gateway, registers inference providers, builds the sandbox image, and creates the sandbox. Use this command for new installs and for recreating a sandbox after changes to policy or configuration. ```console $ nemoclaw onboard [--non-interactive] [--resume | --fresh] [--recreate-sandbox] [--gpu | --no-gpu] [--from ] [--name ] [--sandbox-gpu | --no-sandbox-gpu] [--sandbox-gpu-device ] [--agent ] [--control-ui-port ] [--yes | -y] [--yes-i-accept-third-party-software] ``` For NemoClaw-managed environments, use `nemoclaw onboard` when you need to create or recreate the OpenShell gateway or sandbox. Avoid `openshell self-update`, `npm update -g openshell`, `openshell gateway start --recreate`, or `openshell sandbox create` directly unless you intend to manage OpenShell separately and then rerun `nemoclaw onboard`. The installer detects existing sandbox sessions before onboarding and prints a warning if any are found. To make the installer abort instead of continuing, set `NEMOCLAW_SINGLE_SESSION=1`: ```console $ NEMOCLAW_SINGLE_SESSION=1 curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` When existing sandboxes were created with OpenShell earlier than `0.0.37`, the installer prompts before running the new automatic gateway upgrade path. For scripted installs, set `NEMOCLAW_ACCEPT_EXPERIMENTAL_OPENSHELL_UPGRADE=1` to allow the installer to back up registered sandbox state, retire the old gateway, install the current supported OpenShell release, and restore state during onboarding. The automatic path is disabled if the existing `nemoclaw` CLI does not advertise `backup-all`; preserve sandbox state manually before retiring the old gateway in that case. To perform those steps manually, run `nemoclaw backup-all`, retire the old gateway with `openshell gateway destroy -g nemoclaw || openshell gateway destroy`, then rerun the installer as `curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_OPENSHELL_UPGRADE_PREPARED=1 bash`. The wizard prompts for a provider first, then collects the provider credential if needed. Supported non-experimental choices include NVIDIA Endpoints, OpenAI, Anthropic, Google Gemini, and compatible OpenAI or Anthropic endpoints. Credentials are registered with the OpenShell gateway and never persisted to host disk. See [Credential Storage](/security/credential-storage) for details on inspection, rotation, and migration from earlier releases. The legacy `nemoclaw setup` command is deprecated; use `nemoclaw onboard` instead. After provider selection, the wizard prompts for a **policy tier** that controls the default set of network policy presets applied to the sandbox. Three tiers are available: | Tier | Description | | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | | Restricted | Base sandbox only. No third-party network access beyond inference and core agent tooling. | | Balanced (default) | Full dev tooling and web search when the active agent supports web search. Package installs, model downloads, and inference. No messaging platform access. | | Open | Broad access across third-party services including messaging and productivity. Agent-specific unsupported presets are filtered out. | After selecting a tier, the wizard shows a combined preset and access-mode screen where you can include or exclude individual presets and toggle each between read and read-write access. For details on tiers and the presets each includes, see [Network Policies](/reference/network-policies#policy-tiers). In non-interactive mode, set the tier with `NEMOCLAW_POLICY_TIER` (default: `balanced`): ```console $ NEMOCLAW_POLICY_TIER=restricted nemoclaw onboard --non-interactive --yes-i-accept-third-party-software ``` `NEMOCLAW_POLICY_MODE` controls how non-interactive onboarding reconciles the tier-derived suggestions against the sandbox's currently-applied presets. The default is `suggested`, which is *additive*. Onboarding applies tier defaults and preserves any presets you previously added with [`nemoclaw policy-add`](#nemoclaw-name-policy-add) across re-onboards. Use `custom` with `NEMOCLAW_POLICY_PRESETS` when you want the explicit list to be authoritative. Onboarding removes any preset that is not in the list. `skip` leaves the applied set untouched and does not apply tier defaults. NemoClaw filters tier suggestions and resume selections by active agent support, so unsupported presets such as Brave Search are not reapplied to agents that do not support them. | Value | Behaviour | | --------------------- | --------------------------------------------------------------------------------------------------------------- | | `suggested` (default) | Apply tier defaults and preserve any extra presets already applied. Aliases: `default`, `auto`. | | `custom` | Apply exactly `NEMOCLAW_POLICY_PRESETS`. Previously-applied presets not in the list are removed. Alias: `list`. | | `skip` | Skip the policy step entirely. Aliases: `none`, `no`. | If you enable Brave Search during onboarding, NemoClaw currently stores the Brave API key in the sandbox's OpenClaw configuration. That means the OpenClaw agent can read the key. NemoClaw explores an OpenShell-hosted credential path first, but the current OpenClaw Brave runtime does not consume that path end to end yet. Treat Brave Search as an explicit opt-in and use a dedicated low-privilege Brave key. For non-interactive onboarding, you must explicitly accept the third-party software notice: ```console $ nemoclaw onboard --non-interactive --yes-i-accept-third-party-software ``` or: ```console $ NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 nemoclaw onboard --non-interactive ``` For scripted installer runs, pass explicit acceptance to the `bash` side of the installer pipe: ```console $ curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_NON_INTERACTIVE=1 NEMOCLAW_ACCEPT_THIRD_PARTY_SOFTWARE=1 bash ``` If the installer cannot prompt for the notice in a terminal and no explicit acceptance is set, it exits before installing Node.js or the NemoClaw CLI. To enable Brave Search in non-interactive mode, set: ```console $ BRAVE_API_KEY=... \ nemoclaw onboard --non-interactive ``` `BRAVE_API_KEY` enables Brave Search in non-interactive mode and also enables `web_fetch`. If Brave Search key validation fails in non-interactive mode, onboarding prints a warning, skips web search setup, and continues with the rest of the sandbox setup. After fixing the key, re-enable web search with `nemoclaw config web-search`. The wizard prompts for a sandbox name. Names must be 1 to 63 characters, lowercase, start with a letter, contain only letters, numbers, and internal hyphens, and end with a letter or number. Uppercase letters are automatically lowercased. Names that match global CLI commands (`status`, `list`, `debug`, etc.) are rejected to avoid routing conflicts. Use `--agent ` to target a specific installed agent profile during onboarding. Use `--control-ui-port ` to choose the host dashboard port for a sandbox. The value must be an integer from `1024` through `65535`. This flag takes precedence over `CHAT_UI_URL`, `NEMOCLAW_DASHBOARD_PORT`, the previous registry value, and the default port. If you enable Slack during onboarding, the wizard collects both the Bot Token (`SLACK_BOT_TOKEN`) and the App-Level Token (`SLACK_APP_TOKEN`). Socket Mode requires both tokens. The app-level token is stored in a dedicated `slack-app` OpenShell provider and forwarded to the sandbox alongside the bot token. If you enable Discord during onboarding, the wizard can also prompt for a Discord Server ID, whether the bot should reply only to `@mentions` or to all messages in that server, and an optional Discord User ID. NemoClaw bakes those values into the sandbox image as Discord guild workspace config so the bot can respond in the selected server, not just in DMs. If you leave the Discord User ID blank, the guild config omits the user allowlist and any member of the configured server can message the bot. Guild responses remain mention-gated by default unless you opt into all-message replies. If you enable Telegram during onboarding, the wizard can also prompt for whether group chats should reply only to `@mentions` or to all group messages. Set `TELEGRAM_REQUIRE_MENTION=1` for non-interactive onboarding when you want mention-only group replies. Pairing and `TELEGRAM_ALLOWED_IDS` still govern direct messages. If you run onboarding again with the same sandbox name and choose a different inference provider or model, NemoClaw detects the drift and recreates the sandbox so the running OpenClaw UI matches your selection. In interactive mode, the wizard asks for confirmation before delete and recreate. In non-interactive mode, NemoClaw recreates automatically when the stored selection is readable and differs; if NemoClaw cannot read the stored selection, NemoClaw reuses by default. Set `NEMOCLAW_RECREATE_SANDBOX=1` to force recreation even when no drift is detected. Before creating the gateway, the wizard runs preflight checks. It verifies that Docker is reachable, warns on untested runtimes such as Podman, and prints host remediation guidance when prerequisites are missing. The preflight also enforces the OpenShell version range declared in the blueprint (`min_openshell_version` and `max_openshell_version`). If the installed OpenShell version falls outside this range, onboarding exits with an actionable error and a link to compatible releases. For fresh OpenShell installs, NemoClaw queries published OpenShell releases and asks the installer to use a release that fits the blueprint range. If release metadata is unavailable, the installer uses its bundled fallback pin and the post-install version gate still enforces the range. When NemoClaw finds an existing gateway to reuse, it probes the host gateway HTTP endpoint before declaring the gateway reusable. If the container is running but the upstream is still warming up (for example, immediately after a Docker daemon restart), NemoClaw rebuilds the gateway instead of trusting stale metadata. For Linux Docker-driver gateways, onboarding also checks that a helper container on the OpenShell Docker network can reach `host.openshell.internal:`. If a host firewall blocks that sandbox path, onboarding exits with a `sudo ufw allow from to any port proto tcp` command before it reports the gateway healthy. Tune the wait via `NEMOCLAW_REUSE_HEALTH_POLL_COUNT` (default `6`) and `NEMOCLAW_REUSE_HEALTH_POLL_INTERVAL` (default `5` seconds). The poll count is clamped to a minimum of `1` so the probe always runs at least once, and the interval is clamped to a minimum of `0` (no sleep between attempts). #### `--from ` Build the sandbox image from a custom Dockerfile instead of the stock NemoClaw image. The entire parent directory of the specified file is used as the Docker build context, so any files your Dockerfile references (scripts, config, etc.) must live alongside it. Onboarding skips common large directories (`node_modules`, `.git`, `.venv`, and `__pycache__`) while staging this context. It also skips credential-style files and directories such as `.env*`, `.ssh/`, `.aws/`, `.netrc`, `.npmrc`, `secrets/`, `*.pem`, and `*.key`. Other build outputs such as `dist/`, `target/`, or `build/` are still included. If the staged context is larger than 100 MB, onboarding prints a warning before the Docker build starts. If the directory contains unreadable files (for example, Windows system files visible in WSL), onboarding exits with an error suggesting you move the Dockerfile to a dedicated directory. ```console $ nemoclaw onboard --from path/to/Dockerfile ``` The Dockerfile path must exist. Missing paths fail during command parsing before preflight, gateway setup, inference setup, or sandbox creation starts. The file can have any name; if it is not already named `Dockerfile`, onboard copies it to `Dockerfile` inside the staged build context automatically. To create an isolated build context, create a dedicated directory that contains only the Dockerfile and the files it needs: ```text build-dir/ ├── Dockerfile └── files-used-by-COPY/ ``` All NemoClaw build arguments (`NEMOCLAW_MODEL`, `NEMOCLAW_PROVIDER_KEY`, `NEMOCLAW_INFERENCE_BASE_URL`, etc.) are injected as `ARG` overrides at build time, so declare them in your Dockerfile if you need to reference them. In non-interactive mode, the path can also be supplied via the `NEMOCLAW_FROM_DOCKERFILE` environment variable. You must also supply a sandbox name via `--name ` or `NEMOCLAW_SANDBOX_NAME` so a `--from` build cannot silently clobber the default `my-assistant` sandbox. ```console $ NEMOCLAW_NON_INTERACTIVE=1 NEMOCLAW_FROM_DOCKERFILE=path/to/Dockerfile NEMOCLAW_SANDBOX_NAME=my-build nemoclaw onboard ``` If a `--resume` is attempted with a different `--from` path than the original session, onboarding exits with a conflict error rather than silently building from the wrong image. #### `--name ` Set the sandbox name without going through the interactive prompt. The same name format and reserved-name rules that the wizard enforces apply here too. Names must be 1 to 63 characters, lowercase, start with a letter, contain only letters, numbers, and internal hyphens, and end with a letter or number. Names that match a NemoClaw CLI command (`status`, `list`, `debug`, etc.) are rejected up front. ```console $ nemoclaw onboard --non-interactive --name my-build --from path/to/Dockerfile ``` The flag wins over `NEMOCLAW_SANDBOX_NAME`. When prompting is possible, `NEMOCLAW_SANDBOX_NAME` fills the interactive default so you can press Enter to accept it. When prompting is impossible (no TTY or `--non-interactive`), the env var is also honoured so existing CI scripts keep working. Combining `--from ` with non-interactive onboarding requires one of `--name` or `NEMOCLAW_SANDBOX_NAME`; otherwise onboarding exits rather than silently defaulting to `my-assistant` and clobbering the default sandbox. ### `nemoclaw onboard --from` Use a custom Dockerfile for the sandbox image. This variant of `nemoclaw onboard` accepts a `--from ` argument to build the sandbox from a user-supplied Dockerfile instead of the default NemoClaw image. ```console $ nemoclaw onboard --from ./Dockerfile.custom ``` ### GPU passthrough When `nemoclaw onboard` detects an NVIDIA GPU on the host (`nvidia-smi` succeeds), it enables OpenShell GPU passthrough at both the gateway and sandbox level by default. Use `--no-gpu` to opt out when you want host-side inference providers only and do not need direct GPU access inside the sandbox. Use `--gpu` to require GPU passthrough and fail fast if an NVIDIA GPU is not detected. Use `--sandbox-gpu` or `--no-sandbox-gpu` to control only direct NVIDIA GPU access inside the sandbox. Use `--sandbox-gpu --sandbox-gpu-device ` to pass a specific OpenShell GPU device selector to `openshell sandbox create`; device selectors require explicit sandbox GPU enablement. On Linux Docker-driver gateways, NemoClaw can create the sandbox first and then recreate the OpenShell-managed Docker container with NVIDIA GPU access when that compatibility path is needed. If the patch fails, onboarding keeps diagnostics and prints a manual cleanup command rather than deleting the failed sandbox automatically. Prerequisites: * NVIDIA GPU drivers installed and working (`nvidia-smi` must succeed). * NVIDIA Container Toolkit configured for Docker. When GPU passthrough is enabled and a gateway already exists without it, onboarding first checks whether replacing the CPU-only gateway is safe. If no other registered sandbox depends on that gateway, or if `--recreate-sandbox` is recreating the only registered sandbox with the same name, onboarding cleans up the stale gateway and continues. If other sandboxes depend on the gateway or Docker state is unclear, onboarding exits without cleanup and prints targeted destroy or gateway-removal guidance. To add GPU to an existing sandbox, rerun with `--recreate-sandbox`. Set `NEMOCLAW_DOCKER_GPU_PATCH=0` only when you need to bypass the Linux Docker-driver compatibility patch during troubleshooting. ### `nemoclaw list` List all registered sandboxes with their model, provider, and policy presets. Pass `--json` for machine-readable output that includes a `schemaVersion`, the default sandbox, recovery metadata, and the sandbox inventory. Sandboxes with an active SSH session are marked with a `●` indicator so you can tell at a glance which sandbox you are already connected to in another terminal. When a sandbox has a recorded dashboard port, the output includes its local dashboard URL. ```console $ nemoclaw list [--json] $ nemoclaw list --json ``` ### `nemoclaw deploy` The `nemoclaw deploy` command is deprecated. Prefer provisioning the remote host separately, then running the standard NemoClaw installer and `nemoclaw onboard` on that host. Deploy NemoClaw to a remote GPU instance through [Brev](https://brev.nvidia.com). This command remains as a compatibility wrapper for the older Brev-specific bootstrap flow. The Brev instance name is the positional argument. The sandbox name comes from `NEMOCLAW_SANDBOX_NAME` and defaults to `my-assistant`; invalid sandbox names fail before Brev provisioning starts. ```console $ nemoclaw deploy ``` ### `nemoclaw connect` Connect to a sandbox by name. If the sandbox is not yet in the `Ready` phase, `connect` polls `openshell sandbox list` every few seconds and prints the current phase. This gives you progress output right after onboarding, when the 2.4 GB image is still pulling, instead of a silent hang. Control the wait budget with `NEMOCLAW_CONNECT_TIMEOUT` (integer seconds, default `120`). When the deadline expires, `connect` exits non-zero with the last-seen phase. On a TTY, a one-shot hint prints before dropping into the sandbox shell. The hint is agent-aware. It names the correct TUI command for the sandbox's agent and reminds you to use `/exit` to leave the chat before `exit` returns you to the host shell. Set `NEMOCLAW_NO_CONNECT_HINT=1` to suppress the hint in scripted workflows. If the sandbox is running an outdated agent version, a non-blocking warning prints before connecting with a `nemoclaw rebuild` hint. If another terminal is already connected to the sandbox, `connect` prints a note with the number of existing sessions before proceeding. Multiple concurrent sessions are allowed. After a host reboot, the OpenShell gateway rotates its SSH host keys. `connect` detects the resulting identity drift, prunes stale `openshell-*` entries from `~/.ssh/known_hosts`, and retries automatically. You no longer need to re-run `nemoclaw onboard` after a reboot in this case. ```console $ nemoclaw my-assistant connect [--probe-only] ``` The `--probe-only` flag verifies the sandbox is reachable over SSH and exits without opening a shell. Use it for health checks and scripted readiness probes. ### `nemoclaw recover` Restart the in-sandbox gateway and re-establish the host-side dashboard port-forward without opening an SSH session. Use this after a sandbox pod restart, a sandbox crash, or whenever `nemoclaw status` reports the gateway is not running but the sandbox is alive. `recover` runs the same recovery the `connect` command performs as a side effect, but without dropping into a shell, so it is safe to call from scripts and automation. It is idempotent. If the gateway is already running, the command exits zero with a probe message and makes no changes. ```console $ nemoclaw my-assistant recover ``` ### `nemoclaw status` Show sandbox status, health, and inference configuration. The command probes every inference provider and reports one of three states on the `Inference` line: | State | Meaning | | -------------- | -------------------------------------------------------------------------------------- | | `healthy` | The provider endpoint returned a reachable response. | | `unreachable` | The probe failed. The output includes the endpoint URL and a remediation hint. | | `not probed` | The endpoint URL is not known (for example, `compatible-*` providers). | | `not verified` | NemoClaw could not verify the sandbox or gateway state, so it skips inference probing. | Local providers (Ollama, vLLM) probe the host-side health endpoint. Remote providers (NVIDIA Endpoints, OpenAI, Anthropic, Gemini) use a lightweight reachability check; any HTTP response, including `401` or `403`, counts as reachable. No API keys are sent. For Local Ollama, the command also probes the authenticated proxy and prints an `Inference (auth proxy)` line when a proxy token is available. Use that line to distinguish a healthy backend from a broken proxy path that the sandbox uses for inference. For cloud-only providers, the output omits the NIM status line unless a NIM container is registered or an unexpected NIM container is running. If the sandbox or gateway cannot be verified, the command exits non-zero instead of reporting healthy inference from stale registry state. Gateway and dashboard health checks treat HTTP `401` from device auth as a live service, not as an offline gateway. A `Connected` line reports whether the sandbox has any active SSH sessions and, if so, how many. The sandbox list in the status output includes the dashboard port suffix for sandboxes with a recorded dashboard port. The Policy section displays the live enforced policy (fetched via `openshell policy get --full`), which reflects presets added or removed after sandbox creation. When OpenShell reports an active policy version, the displayed YAML `version` line uses that active version instead of the static schema version. If the sandbox is running an outdated agent version, the output includes an `Update` line with the available version and a `nemoclaw rebuild` hint. When other sandboxes have the same messaging channel enabled (Telegram, Discord, or Slack) with the same bot token, the output includes a cross-sandbox overlap warning so you can resolve the conflict before messages start dropping. The command also tails `/tmp/gateway.log` inside the default sandbox and flags Telegram `409 Conflict` errors that indicate a duplicate consumer for the bot token. ```console $ nemoclaw my-assistant status ``` #### Checking the OpenClaw version NemoClaw pins the OpenClaw version inside the sandbox at build time, not at runtime. The minimum version comes from `min_openclaw_version` in `nemoclaw-blueprint/blueprint.yaml`, and the sandbox image upgrades OpenClaw to that version during `docker build` if the cached base image is older. Existing sandboxes do not auto-upgrade when a newer NemoClaw release ships a newer pin — you upgrade by rebuilding the sandbox. `nemoclaw status` prints the running OpenClaw version on the `Agent` line: ```console $ nemoclaw my-assistant status ... Agent: OpenClaw v2026.4.24 ... ``` If the sandbox is running an OpenClaw older than the version this NemoClaw release pins, `status` and `connect` add an `Update` line pointing at `nemoclaw rebuild` to pick up the newer version. The rebuild reuses the existing sandbox name and persisted credentials, so messaging tokens and provider keys carry over. ### `nemoclaw doctor` Run a focused health check for one sandbox and the host services it depends on. The command checks the local CLI build, Docker daemon, OpenShell CLI, NemoClaw gateway container, gateway port mapping, live sandbox state, inference route, provider reachability, messaging channel conflicts, Ollama reachability, and the cloudflared tunnel state. Warnings do not make the command fail. Failed checks exit non-zero so scripts can use `doctor` as a readiness gate. Use `--json` for machine-readable output. ```console $ nemoclaw my-assistant doctor [--json] ``` ### `nemoclaw logs` View sandbox logs. Use `--follow` to stream output in real time. Use `--tail ` or `-n ` to limit the number of returned lines. Use `--since ` to show recent logs only, such as `5m`, `1h`, or `30s`. The command reads both OpenClaw gateway output and OpenShell audit events, so policy denials appear alongside the gateway log stream. If one log source is unavailable, NemoClaw prints a warning and keeps reading the remaining source. ```console $ nemoclaw my-assistant logs [--follow] [--tail |-n ] [--since ] ``` ### `nemoclaw gateway-token` Print the OpenClaw gateway auth token for a running sandbox to stdout. The token is required by `openclaw tui` and the OpenClaw dashboard URL, but onboarding only prints it once. Pipe it into automation or capture it into an environment variable: ```console $ TOKEN=$(nemoclaw my-assistant gateway-token --quiet) $ export OPENCLAW_GATEWAY_TOKEN="$TOKEN" ``` The token is written to stdout with no surrounding text. A one-line security warning is written to stderr; pass `--quiet` (or `-q`) to suppress it. The command exits non-zero with a diagnostic on stderr when the sandbox is not registered or when the token cannot be retrieved (for example, if the sandbox is not running). Treat the gateway token like a password. Do not log it, share it, or commit it to version control. ### `nemoclaw destroy` Stop the NIM container, remove the host-side Docker image built during onboard, and delete the sandbox. This removes the sandbox from the registry. For Ollama-backed sandboxes, `destroy` also asks Ollama to unload currently loaded models and clears stale auth proxy state on a best-effort basis. This command permanently deletes the sandbox **and its persistent volume**. All [workspace files](/manage-sandboxes/workspace-files) (SOUL.md, USER.md, IDENTITY.md, AGENTS.md, MEMORY.md, and daily memory notes) are lost. Back up your workspace first with `nemoclaw snapshot create` or see [Backup and Restore](/manage-sandboxes/backup-restore). If you want to upgrade the sandbox while preserving state, use `nemoclaw rebuild` instead. If another terminal has an active SSH session to the sandbox, `destroy` prints an active-session warning and requires a second confirmation before it proceeds. Pass `--yes`, `-y`, or `--force` to skip the prompt in scripted workflows. By default, `destroy` preserves the shared NemoClaw gateway. Pass `--cleanup-gateway` to remove the shared gateway when destroying the last sandbox, or `--no-cleanup-gateway` to force preservation when environment defaults request cleanup. ```console $ nemoclaw my-assistant destroy [--yes|-y|--force] [--cleanup-gateway|--no-cleanup-gateway] ``` ### `nemoclaw policy-add` Add a policy preset to a sandbox. Presets extend the baseline network policy with additional endpoints. Before applying, the command shows which endpoints the preset would open and prompts for confirmation. ```console $ nemoclaw my-assistant policy-add ``` To apply a specific preset without the interactive picker, pass its name as a positional argument: ```console $ nemoclaw my-assistant policy-add pypi --yes ``` The positional form is required in scripted workflows. Set `NEMOCLAW_NON_INTERACTIVE=1` instead of `--yes` if you want the same behavior from an environment variable. If the preset name is unknown or already applied, the command exits non-zero with a clear error. | Flag | Description | | -------------------- | ------------------------------------------------------------------------------------- | | `--from-file ` | Apply a custom preset YAML file instead of a built-in preset | | `--from-dir ` | Apply every custom preset YAML file in a directory in lexicographic order | | `--yes`, `--force` | Skip the confirmation prompt (requires a preset name, `--from-file`, or `--from-dir`) | | `--dry-run` | Preview the endpoints a preset would open without applying changes | Use `--dry-run` to audit a preset before applying it: ```console $ nemoclaw my-assistant policy-add --dry-run ``` Apply a custom preset file when you need to grant access to an endpoint that is not covered by a built-in preset: ```console $ nemoclaw my-assistant policy-add --from-file ./presets/my-internal-api.yaml ``` For batch workflows, apply all preset files from a directory: ```console $ nemoclaw my-assistant policy-add --from-dir ./presets/ --yes ``` Review every host in custom preset files before applying them. Custom presets bypass the built-in preset review process and can widen sandbox egress. ### `nemoclaw policy-list` List available policy presets and show which ones are applied to the sandbox. The command cross-references the local registry against the live gateway state (via `openshell policy get`), so it flags presets that are applied in one place but not the other. This catches desync caused by external edits to the gateway policy or stale registry entries after a manual rollback. ```console $ nemoclaw my-assistant policy-list ``` ### `nemoclaw policy-remove` Remove a previously applied policy preset from a sandbox. The command lists only the presets currently applied, prompts you to select one, shows the endpoints that would be removed, and asks for confirmation before narrowing egress. ```console $ nemoclaw my-assistant policy-remove ``` To remove a specific preset non-interactively, pass its name as a positional argument: ```console $ nemoclaw my-assistant policy-remove pypi --yes ``` Set `NEMOCLAW_NON_INTERACTIVE=1` as an alternative to `--yes`. If the preset is unknown or not currently applied, the command exits non-zero with a clear error. | Flag | Description | | ------------------ | ----------------------------------------------------------------- | | `--yes`, `--force` | Skip the confirmation prompt (requires a preset name) | | `--dry-run` | Preview which endpoints would be removed without applying changes | Unchecking a preset in the onboard TUI checkbox also removes it from the sandbox. ### `nemoclaw hosts-add` Add a host alias to the sandbox pod template. Use this when a sandbox needs a stable LAN-only name, such as a local SearXNG or internal model endpoint, without dropping to `docker exec` and `kubectl patch`. ```console $ nemoclaw my-assistant hosts-add searxng.local 192.168.1.105 ``` The command validates the hostname and IP address, rejects duplicate hostnames, and patches `spec.podTemplate.spec.hostAliases` on the sandbox resource. | Flag | Description | | ----------- | ----------------------------------------------------------------------------- | | `--dry-run` | Print the JSON patch for the resulting `hostAliases` list without applying it | ### `nemoclaw hosts-list` List host aliases configured on the sandbox resource. ```console $ nemoclaw my-assistant hosts-list ``` ### `nemoclaw hosts-remove` Remove a hostname from the sandbox `hostAliases` list. ```console $ nemoclaw my-assistant hosts-remove searxng.local ``` | Flag | Description | | ----------- | ----------------------------------------------------------------------------- | | `--dry-run` | Print the JSON patch for the resulting `hostAliases` list without applying it | ### `nemoclaw channels list` List the messaging channels NemoClaw knows about (`telegram`, `discord`, `slack`, `wechat`, `whatsapp`) with a short description. The command is a static reference; it does not consult credentials or the running sandbox. ```console $ nemoclaw my-assistant channels list ``` ### `nemoclaw channels add ` Register a messaging channel with the sandbox and rebuild so the image picks up the new channel. Channels fall into three login modes: * **Token paste** (`telegram`, `discord`, `slack`): the command prompts for any missing token and registers it with the OpenShell gateway. * **Host-side QR** (`wechat`): the command runs an interactive host-side QR scan to capture a static session token, then registers it with the gateway. * **In-sandbox QR** (`whatsapp`): the command records the channel without a host-side token or OpenShell credential provider. NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes; after rebuild, run `openclaw channels login --channel whatsapp` for OpenClaw or `hermes whatsapp` for Hermes. This intentionally leaves QR-created mutable session state in the sandbox until you unpair it or clear the durable agent state. After registering the channel, NemoClaw asks whether to rebuild immediately. Running `add` for an already-configured channel simply overwrites the stored credentials where applicable — the operation is idempotent. Channel names are trimmed and lowercased before NemoClaw stores credentials, names bridge providers, or prints rebuild messages. If a matching built-in network policy preset exists, NemoClaw applies it to the sandbox before the rebuild so the bridge has egress to its upstream API; if applying the preset fails, NemoClaw warns and tells you to re-apply manually with `nemoclaw policy-add `. ```console $ nemoclaw my-assistant channels add telegram ``` | Flag | Description | | ----------- | ------------------------------------------------------------------------------ | | `--dry-run` | Validate the channel and token inputs without saving credentials or rebuilding | Slack requires both `SLACK_BOT_TOKEN` (bot user OAuth) and `SLACK_APP_TOKEN` (app-level Socket Mode token); the command prompts for each in turn. When `NEMOCLAW_NON_INTERACTIVE=1` is set, any missing token fails fast and no rebuild prompt is shown — instead, the change is queued and you are told to run `nemoclaw rebuild` manually. ### `nemoclaw channels remove ` Clear the stored credentials for a messaging channel and rebuild the sandbox so the image drops the channel. Running `remove` for a channel that was never configured is a no-op against the credentials file and still triggers the rebuild prompt. When the bridge provider is attached to a live sandbox, NemoClaw detaches it before deleting the provider from the OpenShell gateway. If the matching built-in policy preset is applied, such as `telegram`, `discord`, `slack`, `wechat`, or `whatsapp`, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone. ```console $ nemoclaw my-assistant channels remove telegram ``` | Flag | Description | | ----------- | ----------------------------------------------------------------------------------- | | `--dry-run` | Report the channel that would be removed without clearing credentials or rebuilding | As with `channels add`, `NEMOCLAW_NON_INTERACTIVE=1` skips the rebuild prompt and queues the change for a manual `nemoclaw rebuild`. Host-side removal is the supported path because agent channel config is baked into the container image at build time (`/sandbox/.openclaw/openclaw.json` for OpenClaw and `/sandbox/.hermes/.env` for Hermes); agent-specific channel removals inside the sandbox would modify the running config but not persist changes across rebuilds. ### `nemoclaw channels stop ` Pause a single messaging bridge (`telegram`, `discord`, `slack`, `wechat`, or `whatsapp`) without clearing its credentials. The channel is marked disabled in the per-sandbox registry, and the sandbox is rebuilt so the onboard step skips registering the bridge with the gateway. The provider stays registered with the OpenShell gateway, so a later `channels start` brings the bridge back without re-entering tokens. ```console $ nemoclaw my-assistant channels stop telegram ``` | Flag | Description | | ----------- | ------------------------------------------------------------------------------------- | | `--dry-run` | Report the channel that would be disabled without updating the registry or rebuilding | Use `channels stop` instead of `channels remove` when you want to pause a bridge temporarily. `channels remove` is destructive to credentials; `channels stop` is not. ### `nemoclaw channels start ` Re-enable a channel previously paused with `channels stop`. The channel is removed from the disabled list, the sandbox is rebuilt, and the bridge registers with the gateway again using the stored credentials. ```console $ nemoclaw my-assistant channels start telegram ``` | Flag | Description | | ----------- | --------------------------------------------------------------------------------------- | | `--dry-run` | Report the channel that would be re-enabled without updating the registry or rebuilding | ### `nemoclaw skill install ` Deploy a skill directory to a running sandbox. The command validates the `SKILL.md` frontmatter (a `name` field is required), uploads all non-dot files preserving subdirectory structure, and performs agent-specific post-install steps. ```console $ nemoclaw my-assistant skill install ./my-skill/ ``` The skill directory must contain a `SKILL.md` file with YAML frontmatter that includes a `name` field. Skill names must contain only alphanumeric characters, dots, hyphens, and underscores. OpenClaw plugins are a different kind of extension. To install an OpenClaw plugin, see [Install OpenClaw Plugins](/deployment/install-openclaw-plugins). Run `nemoclaw skill install --help` to print usage for this subcommand. If you pass a plugin-shaped directory to `skill install`, the CLI prints a plugin-specific hint instead of treating it as a missing skill file. Files with names starting with `.` (dotfiles) are skipped and listed in the output. Files with unsafe path characters are rejected to prevent shell injection. If the skill already exists on the sandbox, the command updates it in place and preserves chat history. For new installs, the agent session index is refreshed so the agent discovers the skill on the next session. ### `nemoclaw rebuild` Upgrade a sandbox to the current agent version while preserving workspace state. The command backs up workspace state, destroys the old sandbox (including its host-side Docker image), recreates it with the current image via `onboard --resume`, and restores workspace state into the new sandbox. Credentials are stripped from backups before storage. Policy presets applied to the old sandbox are reapplied to the new one so your egress rules survive the rebuild. ```console $ nemoclaw my-assistant rebuild [--yes|-y|--force] [--verbose|-v] ``` | Flag | Description | | ------------------------ | ---------------------------------------------------------------------------------------------- | | `--yes`, `-y`, `--force` | Skip the confirmation prompt | | `--verbose`, `-v` | Log SSH commands, exit codes, and session state (also enabled by `NEMOCLAW_REBUILD_VERBOSE=1`) | If another terminal has an active SSH session to the sandbox, `rebuild` prints an active-session warning and requires confirmation before destroying the sandbox. Pass `--yes`, `-y`, or `--force` to skip the prompt in scripted workflows. The sandbox must be running for the backup step to succeed. If an archive command reports partial output while still producing usable data, `rebuild` keeps the captured backup entries and reports only the manifest-defined paths that could not be archived. If any required state path still cannot be backed up, `rebuild` exits before destroying the original sandbox. After restore, the command runs `openclaw doctor --fix` for cross-version structure repair. ### `nemoclaw update` Check for a NemoClaw CLI update and, when requested, run the maintained installer flow. This command is a discoverable CLI wrapper around the supported installer path: ```console $ curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash ``` ```console $ nemoclaw update [--check] [--yes|-y] ``` | Flag | Description | | ------------- | -------------------------------------------------------------------------------------------------------------------------- | | `--check` | Show the current version, latest maintained version, install type, and maintained update command without changing anything | | `--yes`, `-y` | Skip the confirmation prompt and run the maintained installer flow | `nemoclaw update` updates the host-side NemoClaw installation. It does not replace `nemoclaw upgrade-sandboxes`; use that command to inspect or rebuild existing sandboxes after the CLI has been updated. When the command is running from a source checkout, it reports that state and does not replace the checkout with a global package install. ### `nemoclaw upgrade-sandboxes` Rebuild sandboxes whose base image is older than the one currently pinned by NemoClaw. NemoClaw resolves the digest of `ghcr.io/nvidia/nemoclaw/sandbox-base:latest` from the registry, then compares it against the digest each sandbox was created with. Sandboxes that match the current digest are left alone. ```console $ nemoclaw upgrade-sandboxes [--check] [--auto] [--yes|-y] ``` | Flag | Description | | ------------- | ----------------------------------------------------------------------------------------- | | `--check` | List stale sandboxes without rebuilding any of them. Exits non-zero if any are stale. | | `--auto` | Rebuild every stale sandbox without prompting. Used by the installer to upgrade in place. | | `--yes`, `-y` | Skip the confirmation prompt for the rebuild plan. | Each rebuild reuses the same workspace backup-and-restore flow as `nemoclaw rebuild`, so workspace files survive the upgrade. If the registry is unreachable (offline or firewalled hosts), NemoClaw falls back to the unpinned `:latest` tag and reports that the digest could not be resolved instead of failing. ### `nemoclaw backup-all` Back up all registered running sandboxes to `~/.nemoclaw/rebuild-backups/`. Sandboxes that are not running are skipped. ```console $ nemoclaw backup-all ``` The installer calls `backup-all` automatically before onboarding to protect against data loss during OpenShell upgrades. ### `nemoclaw snapshot create` Create a timestamped snapshot of sandbox state. Snapshots are stored in `~/.nemoclaw/rebuild-backups//`. ```console $ nemoclaw my-assistant snapshot create ``` | Flag | Description | | ---------------- | ------------------------------------------------------------------------------ | | `--name