NemoClawThe nemoclaw CLI is the primary interface for managing NemoClaw sandboxes.
It is installed automatically by the installer (curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash).
For guidance on when to use nemoclaw versus the underlying openshell CLI, see CLI Selection Guide.
Use nemoclaw for the OpenClaw variant.
OpenClaw is the default agent for nemoclaw onboard unless you pass --agent hermes or set NEMOCLAW_AGENT=hermes.
OpenClaw-specific sections below describe the /nemoclaw slash command, the OpenClaw dashboard URL, the OpenClaw gateway token, and OpenClaw config paths under /sandbox/.openclaw.
The /nemoclaw slash command is available inside the OpenClaw chat interface for quick actions:
The CLI handles host-side operations that run outside the selected agent runtime.
nemoclaw help, nemoclaw --help, nemoclaw -hShow the top-level usage summary and command groups.
Running nemoclaw with no arguments shows the same help output.
nemoclaw --version, nemoclaw -vPrint the installed NemoClaw CLI version.
nemoclaw resourcesDisplay host hardware inventory and configured sandbox resource profiles.
Use --json for machine-readable CPU, memory, GPU, Kubernetes allocatable-capacity, and profile data.
If the gateway is not running, Kubernetes allocatable fields are omitted and host CPU/RAM totals are still shown.
nemoclaw onboardRun the interactive setup wizard (recommended for new installs). The wizard creates an OpenShell gateway, registers inference providers, builds the sandbox image, and creates the sandbox. Use this command for new installs and for recreating a sandbox after changes to policy or configuration.
--resume and --freshNemoClaw records onboarding progress so interrupted runs can continue.
Use --resume to continue a resumable onboarding session with the provider, model, sandbox name, agent, and custom Dockerfile path recorded by the original run.
If the recorded session conflicts with flags you pass on the recovery run, NemoClaw exits and tells you to either rerun with the original settings or start over.
Use --fresh to discard the saved onboarding session and start the wizard from the beginning.
This clears stale or failed session state before NemoClaw creates a new session record.
The installer also accepts --fresh and forwards it to nemoclaw onboard, which skips automatic resume detection.
--resume and --fresh are mutually exclusive.
For NemoClaw-managed environments, use nemoclaw onboard when you need to create or recreate the OpenShell gateway or sandbox.
Avoid openshell self-update, npm update -g openshell, openshell gateway start --recreate, or openshell sandbox create directly unless you intend to manage OpenShell separately and then rerun nemoclaw onboard.
Use --fresh to ignore any saved onboarding session and restart the wizard from scratch. This is useful after an interrupted nemoclaw onboard run when you want to discard saved state instead of continuing it with --resume.
The installer detects existing sandbox sessions before onboarding and prints a warning if any are found.
To make the installer abort instead of continuing, set NEMOCLAW_SINGLE_SESSION=1:
When existing sandboxes were created with OpenShell earlier than 0.0.37, the installer prompts before running the new automatic gateway upgrade path.
For scripted installs, set NEMOCLAW_ACCEPT_EXPERIMENTAL_OPENSHELL_UPGRADE=1 to allow the installer to back up registered sandbox state, retire the old gateway, install the current supported OpenShell release, and restore state during onboarding.
The automatic path is disabled if the existing nemoclaw CLI does not advertise backup-all; preserve sandbox state manually before retiring the old gateway in that case.
To perform those steps manually, run nemoclaw backup-all, retire the old gateway registration with openshell gateway remove nemoclaw || openshell gateway destroy -g nemoclaw || openshell gateway destroy (both verbs are tried so the right one runs on either OpenShell release), stop any remaining privileged host gateway with sudo pkill -f openshell-gateway, then rerun the installer as curl -fsSL https://www.nvidia.com/nemoclaw.sh | NEMOCLAW_OPENSHELL_UPGRADE_PREPARED=1 bash.
The wizard prompts for a provider first, then collects the provider credential if needed.
Supported non-experimental choices include NVIDIA Endpoints, OpenAI, Anthropic, Google Gemini, and compatible OpenAI or Anthropic endpoints.
Credentials are registered with the OpenShell gateway and never persisted to host disk. See Credential Storage for details on inspection, rotation, and migration from earlier releases.
The legacy nemoclaw setup command is deprecated; use nemoclaw onboard instead.
After provider selection, the wizard reviews the provider, model, credential state, and sandbox name before registering inference. It then prompts for optional web search and messaging channels, builds and starts the sandbox, and asks for a policy tier that controls the default set of network policy presets applied to the sandbox. Three tiers are available:
After selecting a tier, the wizard shows a combined preset and access-mode screen where you can include or exclude individual presets and toggle each between read and read-write access. For details on tiers and the presets each includes, see Network Policies.
In non-interactive mode, set the tier with NEMOCLAW_POLICY_TIER (default: balanced):
NEMOCLAW_POLICY_MODE controls how non-interactive onboarding reconciles the tier-derived suggestions against the sandbox’s currently-applied presets.
The default is suggested, which is additive.
Onboarding applies tier defaults and preserves any presets you previously added with nemoclaw <name> policy-add across re-onboards.
Use custom with NEMOCLAW_POLICY_PRESETS when you want the explicit list to be authoritative.
Onboarding removes any preset that is not in the list.
skip leaves the applied set untouched and does not apply tier defaults.
NemoClaw filters tier suggestions and resume selections by active agent support, so unsupported presets such as Brave Search are not reapplied to agents that do not support them.
If you enable Brave Search during onboarding, NemoClaw registers a Brave Search OpenShell provider and keeps openclaw.json on an OpenShell credential placeholder.
At egress, OpenShell rewrites Brave’s X-Subscription-Token header with the real BRAVE_API_KEY.
Treat Brave Search as an explicit opt-in and use a dedicated low-privilege Brave key.
For non-interactive onboarding, you must explicitly accept the third-party software notice:
or:
For scripted installer runs, pass explicit acceptance to the bash side of the installer pipe:
If the installer cannot prompt for the notice in a terminal and no explicit acceptance is set, it exits before installing Node.js or the NemoClaw CLI.
To enable Brave Search in non-interactive mode, set:
BRAVE_API_KEY enables Brave Search in non-interactive mode and also enables web_fetch.
If Brave Search key validation fails in non-interactive mode, onboarding prints a warning, skips web search setup, and continues with the rest of the sandbox setup.
After fixing the key, re-enable web search with nemoclaw config web-search.
The wizard prompts for a sandbox name.
Names must be 1 to 63 characters, lowercase, start with a letter, contain only letters, numbers, and internal hyphens, and end with a letter or number.
The CLI rejects names that do not match these rules.
It also prints a Try: <suggested-slug> recovery line whenever it can derive a valid lowercase, hyphen-separated form from the input, so passing --name MyAssistant reports Try: myassistant.
Names that match global CLI commands (status, list, debug, etc.) are rejected to avoid routing conflicts.
Use --agent <name> to target a specific installed agent profile during onboarding.
Use --control-ui-port <N> to choose the host dashboard port for a sandbox.
The value must be an integer from 1024 through 65535.
This flag takes precedence over CHAT_UI_URL, NEMOCLAW_DASHBOARD_PORT, the previous registry value, and the default port.
If you enable Slack during onboarding, the wizard collects both the Bot Token (SLACK_BOT_TOKEN) and the App-Level Token (SLACK_APP_TOKEN).
Socket Mode requires both tokens.
The app-level token is stored in a dedicated slack-app OpenShell provider and forwarded to the sandbox alongside the bot token.
The wizard also accepts optional SLACK_ALLOWED_USERS and SLACK_ALLOWED_CHANNELS values so you can restrict Slack DMs, channel @mention users, and channel IDs before the sandbox image is built.
If you enable Discord during onboarding, the wizard can also prompt for a Discord Server ID, whether the bot should reply only to @mentions or to all messages in that server, and an optional Discord User ID.
NemoClaw bakes those values into the sandbox image as Discord guild workspace config so the bot can respond in the selected server, not just in DMs.
If you leave the Discord User ID blank, the guild config omits the user allowlist and any member of the configured server can message the bot.
Guild responses remain mention-gated by default unless you opt into all-message replies.
If you enable Telegram during onboarding, the wizard can also prompt for whether group chats should reply only to @mentions or to all group messages.
Set TELEGRAM_REQUIRE_MENTION=1 for non-interactive onboarding when you want mention-only group replies.
Pairing and TELEGRAM_ALLOWED_IDS still govern direct messages.
If you run onboarding again with the same sandbox name and choose a different inference provider or model, NemoClaw detects the drift and recreates the sandbox so the running agent config matches your selection.
In interactive mode, the wizard asks for confirmation before delete and recreate.
In non-interactive mode, NemoClaw recreates automatically when the stored selection is readable and differs; if NemoClaw cannot read the stored selection, NemoClaw reuses by default.
Set NEMOCLAW_RECREATE_SANDBOX=1 to force recreation even when no drift is detected.
Before deleting an existing sandbox during recreation, NemoClaw backs up the workspace state declared by the selected agent profile and restores it into the new sandbox once it is live.
This applies whether the existing sandbox is ready or marked not-ready, so cross-version upgrades that pass NEMOCLAW_RECREATE_SANDBOX=1 no longer drop user files from the selected agent workspace.
The behaviour matches nemoclaw <name> rebuild --force.
NemoClaw aborts the recreate when the backup cannot complete in full — including when individual state directories or files fail mid-backup — so failed entries are not silently dropped on delete.
Set NEMOCLAW_RECREATE_WITHOUT_BACKUP=1 to skip the pre-recreate backup.
The destination sandbox starts with a fresh workspace.
For OpenClaw, the backed-up paths include agents, extensions, workspace, skills, hooks, identity, devices, canvas, cron, memory, telegram, wechat, credentials, and /sandbox/.openclaw/workspace/.
Before creating the gateway, the wizard runs preflight checks.
It verifies that Docker is reachable, warns on untested runtimes such as Podman, and prints host remediation guidance when prerequisites are missing.
The preflight also enforces the OpenShell version range declared in the blueprint (min_openshell_version and max_openshell_version).
If the installed OpenShell version falls outside this range, onboarding exits with an actionable error and a link to compatible releases.
For fresh OpenShell installs, NemoClaw queries published OpenShell releases and asks the installer to use a release that fits the blueprint range.
If release metadata is unavailable, the installer uses its bundled fallback pin and the post-install version gate still enforces the range.
When NemoClaw finds an existing gateway to reuse, it probes the host gateway HTTP endpoint before declaring the gateway reusable.
If the container is running but the upstream is still warming up (for example, immediately after a Docker daemon restart), NemoClaw rebuilds the gateway instead of trusting stale metadata.
On the Docker-driver gateway path, preflight stays read-only when it detects a stale gateway (for example, a Docker-driver runtime env hash drift).
It prints a ⚠ Gateway will be recreated when sandbox creation starts notice and defers the actual teardown to step [2/8] Starting OpenShell gateway.
This means pressing Ctrl+C between preflight and step [2/8] leaves the running gateway and existing sandbox containers untouched, so nemoclaw onboard is safe to run just to check preflight output.
For Linux Docker-driver gateways, onboarding also checks that a helper container on the OpenShell Docker network can reach host.openshell.internal:<gateway-port>.
If a host firewall blocks that sandbox path, onboarding exits with a sudo ufw allow from <subnet> to any port <gateway-port> proto tcp command before it reports the gateway healthy.
Tune the wait via NEMOCLAW_REUSE_HEALTH_POLL_COUNT (default 6) and NEMOCLAW_REUSE_HEALTH_POLL_INTERVAL (default 5 seconds).
The poll count is clamped to a minimum of 1 so the probe always runs at least once, and the interval is clamped to a minimum of 0 (no sleep between attempts).
--from <Dockerfile>Build the sandbox image from a custom Dockerfile instead of the stock NemoClaw image.
The entire parent directory of the specified file is used as the Docker build context, so any files your Dockerfile references (scripts, config, etc.) must live alongside it.
Onboarding skips common large directories (node_modules, .git, .venv, and __pycache__) while staging this context.
It also skips credential-style files and directories such as .env*, .ssh/, .aws/, .netrc, .npmrc, secrets/, *.pem, and *.key.
Other build outputs such as dist/, target/, or build/ are still included.
If the staged context is larger than 100 MB, onboarding prints a warning before the Docker build starts.
If the directory contains unreadable files (for example, Windows system files visible in WSL), onboarding exits with an error suggesting you move the Dockerfile to a dedicated directory.
The Dockerfile path must exist. Missing paths fail during command parsing before preflight, gateway setup, inference setup, or sandbox creation starts.
The file can have any name; if it is not already named Dockerfile, onboard copies it to Dockerfile inside the staged build context automatically.
To create an isolated build context, create a dedicated directory that contains only the Dockerfile and the files it needs:
All NemoClaw build arguments (NEMOCLAW_MODEL, NEMOCLAW_PROVIDER_KEY, NEMOCLAW_INFERENCE_BASE_URL, etc.) are injected as ARG overrides at build time, so declare them in your Dockerfile if you need to reference them.
In non-interactive mode, the path can also be supplied via the NEMOCLAW_FROM_DOCKERFILE environment variable.
You must also supply a sandbox name via --name <sandbox> or NEMOCLAW_SANDBOX_NAME so a --from build cannot silently clobber the default my-assistant sandbox.
If a --resume is attempted with a different --from path than the original session, onboarding exits with a conflict error rather than silently building from the wrong image.
--name <sandbox>Set the sandbox name without going through the interactive prompt.
The same name format and reserved-name rules that the wizard enforces apply here too. Names must be 1 to 63 characters, lowercase, start with a letter, contain only letters, numbers, and internal hyphens, and end with a letter or number.
Names that match a NemoClaw CLI command (status, list, debug, etc.) are rejected up front.
The flag wins over NEMOCLAW_SANDBOX_NAME.
When prompting is possible, NEMOCLAW_SANDBOX_NAME fills the interactive default so you can press Enter to accept it.
When prompting is impossible (no TTY or --non-interactive), the env var is also honoured so existing CI scripts keep working.
Combining --from <Dockerfile> with non-interactive onboarding requires one of --name or NEMOCLAW_SANDBOX_NAME; otherwise onboarding exits rather than silently defaulting to my-assistant and clobbering the default sandbox.
nemoclaw onboard --fromUse a custom Dockerfile for the sandbox image.
This variant of nemoclaw onboard accepts a --from <Dockerfile> argument to build the sandbox from a user-supplied Dockerfile instead of the default NemoClaw image.
When nemoclaw onboard detects an NVIDIA GPU on the host, it enables OpenShell GPU passthrough at both the gateway and sandbox level by default.
Detection proceeds along two paths. The nvidia-smi-based paths (the primary --query-gpu=name,memory.total,memory.free probe and the unified-memory --query-gpu=name fallback) require nvidia-smi to succeed and, on hosts whose firmware does not classify as a known NVIDIA platform (DGX Spark, DGX Station, Jetson, or Tegra), additionally require that the GPU name does not match the placeholder family observed on the Windows-on-ARM WSL2 nvidia-smi shim (JMJWOA-Generic-*) and that either the host is not ARM64 Linux (the observed shim is Windows-on-ARM only) or the NVIDIA kernel driver is bound (/proc/driver/nvidia/ present), so that placeholder shims on non-NVIDIA hardware are not mistaken for real GPUs.
Jetson/Tegra hosts that ship without nvidia-smi continue to be detected via the devicetree firmware fallback (/sys/firmware/devicetree/base/model) or the Tegra device-node fallback (/dev/nvhost-gpu, /dev/nvhost-ctrl-gpu, /dev/nvhost-ctrl, or /dev/nvmap); both bypass the trust-tier gate above.
Use --no-gpu to opt out when you want host-side inference providers only and do not need direct GPU access inside the sandbox.
Use --gpu to require GPU passthrough and fail fast if an NVIDIA GPU is not detected.
Use --sandbox-gpu or --no-sandbox-gpu to control only direct NVIDIA GPU access inside the sandbox.
Use --sandbox-gpu --sandbox-gpu-device <device> to pass a specific OpenShell GPU device selector to openshell sandbox create; device selectors require explicit sandbox GPU enablement.
On Linux Docker-driver gateways, NemoClaw can create the sandbox first and then recreate the OpenShell-managed Docker container with NVIDIA GPU access when that compatibility path is needed.
If the patch fails, onboarding keeps diagnostics and prints a manual cleanup command rather than deleting the failed sandbox automatically.
Prerequisites:
nvidia-smi must succeed.nvidia-smi, the devicetree firmware fallback substitutes.When GPU passthrough is enabled and a gateway already exists without it, onboarding first checks whether replacing the CPU-only gateway is safe.
If no other registered sandbox depends on that gateway, or if --recreate-sandbox is recreating the only registered sandbox with the same name, onboarding cleans up the stale gateway and continues.
If other sandboxes depend on the gateway or Docker state is unclear, onboarding exits without cleanup and prints targeted destroy or gateway-removal guidance.
To add GPU to an existing sandbox, rerun with --recreate-sandbox.
Set NEMOCLAW_DOCKER_GPU_PATCH=0 only when you need to bypass the Linux Docker-driver compatibility patch during troubleshooting.
nemoclaw listList all registered sandboxes with their model, provider, and policy presets.
Pass --json for machine-readable output that includes a schemaVersion, the default sandbox, recovery metadata, and the sandbox inventory.
Sandboxes with an active SSH session are marked with a ● indicator so you can tell at a glance which sandbox you are already connected to in another terminal.
When a sandbox has a recorded dashboard port, the output includes its local dashboard URL.
nemoclaw deployThe nemoclaw deploy command is deprecated.
Prefer provisioning the remote host separately, then running the standard NemoClaw installer and nemoclaw onboard on that host.
Deploy NemoClaw to a remote GPU instance through Brev.
This command remains as a compatibility wrapper for the older Brev-specific bootstrap flow.
The Brev instance name is the positional argument.
The sandbox name comes from NEMOCLAW_SANDBOX_NAME and defaults to my-assistant; invalid sandbox names fail before Brev provisioning starts.
nemoclaw <name> connectConnect to a sandbox by name.
If the sandbox is not yet in the Ready phase, connect polls openshell sandbox list every few seconds and prints the current phase. This gives you progress output right after onboarding, when the 2.4 GB image is still pulling, instead of a silent hang.
Control the wait budget with NEMOCLAW_CONNECT_TIMEOUT (integer seconds, default 120). When the deadline expires, connect exits non-zero with the last-seen phase.
On a TTY, a one-shot hint prints before dropping into the sandbox shell.
The hint is agent-aware. It names the correct TUI command for the sandbox’s agent and reminds you to use /exit to leave the chat before exit returns you to the host shell.
Set NEMOCLAW_NO_CONNECT_HINT=1 to suppress the hint in scripted workflows.
If the sandbox is running an outdated agent version, a non-blocking warning prints before connecting with a nemoclaw <name> rebuild hint.
If another terminal is already connected to the sandbox, connect prints a note with the number of existing sessions before proceeding. Multiple concurrent sessions are allowed.
connect does not pull or serve a model itself, but it does inspect NEMOCLAW_VLLM_MODEL if you exported it for the managed-vLLM install path.
An unknown slug or a gated model (for example deepseek-r1-distill-70b) with no HF_TOKEN or HUGGING_FACE_HUB_TOKEN exits non-zero with the same error the installer would emit, before any sandbox readiness probe or SSH attach.
Unset the variable, or supply the missing token, before retrying.
After a host reboot, the OpenShell gateway rotates its SSH host keys.
connect detects the resulting identity drift, prunes stale openshell-* entries from ~/.ssh/known_hosts, and retries automatically.
You no longer need to re-run nemoclaw onboard after a reboot in this case.
The --probe-only flag verifies the sandbox is reachable over SSH and exits without opening a shell.
Use it for health checks and scripted readiness probes.
nemoclaw <name> execRun a single command non-interactively in a running sandbox via the OpenShell exec endpoint.
The command runs as the sandbox user with HOME=/sandbox, so in-sandbox tooling resolves NemoClaw-provisioned config the same way it does for connect and openshell sandbox connect.
This is the supported substitute for docker exec on the sandbox container; raw docker exec runs as root and lands on HOME=/root, where the selected agent config is not present.
OpenClaw config resolves under /sandbox/.openclaw.
Everything after -- is forwarded verbatim to the sandbox command, including flags the inner command needs.
The exit code is the remote command’s exit code.
nemoclaw <name> recoverRestart the in-sandbox gateway and re-establish the host-side dashboard port-forward without opening an SSH session.
Use this after a sandbox pod restart, a sandbox crash, or whenever nemoclaw <name> status reports the gateway is not running but the sandbox is alive.
recover runs the same recovery the connect command performs as a side effect, but without dropping into a shell, so it is safe to call from scripts and automation.
It is idempotent.
If the gateway is already running, the command exits zero with a probe message and makes no changes.
nemoclaw <name> statusShow sandbox status, health, and inference configuration.
Pass --json to emit a structured per-sandbox report instead of the text renderer.
The JSON output includes at least schemaVersion, name, found, model, provider, phase, gatewayState, inferenceHealth, rpcIssue, hostGpuDetected, sandboxGpuEnabled, sandboxGpuMode, sandboxGpuDevice, openshellDriver, openshellVersion, policies, failureLayer, and dockerPaused.
openshellDriver and openshellVersion are always strings (falling back to "unknown" when the registry has no value), so consumers can rely on typeof checks.
failureLayer is null when no preflight failure was detected and otherwise one of docker_unreachable, sandbox_container_stopped, or sandbox_dashboard_port_conflict; when set, inferenceHealth is suppressed to null so automation does not see a stale remote-provider healthy status during a local outage.
The command exits non-zero when the sandbox is missing locally, the gateway state is not present, the gateway reports a schema/protobuf mismatch (mirrored as rpcIssue), or failureLayer is non-null.
The alias form nemoclaw <name> status --json requires the sandbox to be registered locally; the canonical form nemoclaw sandbox status <name> --json is the one to use from automation that may run against an unknown sandbox name, since it still emits a JSON document with found: false instead of a text error.
The command probes every inference provider and reports one of three states on the Inference line:
Local providers (Ollama, vLLM) probe the host-side health endpoint.
Remote providers (NVIDIA Endpoints, OpenAI, Anthropic, Gemini) use a lightweight reachability check; any HTTP response, including 401 or 403, counts as reachable.
No API keys are sent.
For Local Ollama, the command also probes the authenticated proxy and prints an Inference (auth proxy) line when a proxy token is available.
Use that line to distinguish a healthy backend from a broken proxy path that the sandbox uses for inference.
For cloud-only providers, the output omits the NIM status line unless a NIM container is registered or an unexpected NIM container is running.
When the sandbox’s recorded driver is docker and the host Docker daemon is not reachable, the command prints Failure layer: docker_unreachable — Docker daemon is not reachable. as the first line of stdout, suppresses the host-side Inference probe (which otherwise hits the remote provider directly and is misleading when the local stack is down), and exits with a non-zero status.
When the host Docker daemon is reachable but the per-sandbox container is stopped, the command prints Failure layer: sandbox_container_stopped — sandbox container exists but is not running. as the first line of stdout, suppresses the host-side Inference probe, and exits with a non-zero status.
If the sandbox’s recorded dashboard port is also held by a foreign listener, the header escalates to Failure layer: sandbox_dashboard_port_conflict — sandbox container is stopped and the dashboard port is held by a foreign listener. so the operator can recover the port before restarting the sandbox.
If the sandbox or gateway cannot be verified, the command exits non-zero instead of reporting healthy inference from stale registry state.
Gateway and dashboard health checks treat HTTP 401 from device auth as a live service, not as an offline gateway.
A Connected line reports whether the sandbox has any active SSH sessions and, if so, how many.
The sandbox list in the status output includes the dashboard port suffix for sandboxes with a recorded dashboard port.
The Policy section displays the live enforced policy (fetched via openshell policy get --full), which reflects presets added or removed after sandbox creation.
When OpenShell reports an active policy version, the displayed YAML version line uses that active version instead of the static schema version.
If the sandbox is running an outdated agent version, the output includes an Update line with the available version and a nemoclaw <name> rebuild hint.
When other sandboxes have the same messaging channel enabled (Telegram, Discord, or Slack) with the same bot token, the output includes a cross-sandbox overlap warning so you can resolve the conflict before messages start dropping.
The command also tails /tmp/gateway.log inside the default sandbox and flags Telegram 409 Conflict errors that indicate a duplicate consumer for the bot token.
NemoClaw pins the OpenClaw version inside the sandbox at build time, not at runtime.
The NemoClaw runtime build target is declared by OPENCLAW_VERSION in the NemoClaw Dockerfiles.
The min_openclaw_version field in nemoclaw-blueprint/blueprint.yaml remains the compatibility floor for direct blueprint consumers, so it can be lower than the Dockerfile target.
Existing sandboxes do not auto-upgrade when a newer NemoClaw release ships a newer pin — you upgrade by rebuilding the sandbox.
nemoclaw <name> status prints the running OpenClaw version on the Agent line:
If the sandbox is running an OpenClaw older than the version this NemoClaw release pins, status and connect add an Update line pointing at nemoclaw <name> rebuild to pick up the newer version.
The rebuild reuses the existing sandbox name and persisted credentials, so messaging tokens and provider keys carry over.
nemoclaw <name> doctorRun a focused health check for one sandbox and the host services it depends on. The command checks the local CLI build, Docker daemon, OpenShell CLI, NemoClaw gateway container, gateway port mapping, live sandbox state, inference route, provider reachability, messaging channel conflicts, Ollama reachability, and the cloudflared tunnel state.
Warnings do not make the command fail.
Failed checks exit non-zero so scripts can use doctor as a readiness gate.
Use --json for machine-readable output.
nemoclaw <name> execRun a command non-interactively inside a running sandbox through the OpenShell exec endpoint.
The command runs as the sandbox user with HOME=/sandbox and exits with the remote command’s exit code.
Use -- to separate exec options from the command you want to run inside the sandbox.
nemoclaw <name> logsView sandbox logs.
Use --follow to stream output in real time.
Use --tail <lines> or -n <lines> to limit the number of returned lines.
Use --since <duration> to show recent logs only, such as 5m, 1h, or 30s.
The command reads both agent gateway output and OpenShell audit events, so policy denials appear alongside the gateway log stream.
If one log source is unavailable, NemoClaw prints a warning and keeps reading the remaining source.
NemoClaw’s --tail <lines> flag is a line-count flag; the lower-level openshell logs --tail flag means follow live output, so use openshell logs <sandbox> -n <lines> when running OpenShell directly for a fixed line count.
nemoclaw <name> dashboard-urlPrint the authenticated OpenClaw dashboard URL for a running sandbox. Use this when you are on a remote machine, using an SSH or reverse tunnel, or need a complete URL for a browser session.
The default output includes a label and a warning.
Pass --quiet or -q to print only the URL to stdout so scripts can capture it:
Treat the authenticated dashboard URL like a password. Do not log it, share it, or commit it to version control.
nemoclaw <name> gateway-tokenPrint the OpenClaw gateway auth token for a running sandbox to stdout.
The token is required by openclaw tui and the OpenClaw dashboard URL.
Use dashboard-url for browser access; use gateway-token only when automation needs the raw token.
Pipe it into automation or capture it into an environment variable:
The token is written to stdout with no surrounding text.
A one-line security warning is written to stderr; pass --quiet (or -q) to suppress it.
The command exits non-zero with a diagnostic on stderr when the sandbox is not registered or when the token cannot be retrieved (for example, if the sandbox is not running).
Treat the gateway token like a password. Do not log it, share it, or commit it to version control.
nemoclaw <name> destroyStop the NIM container, remove the host-side Docker image built during onboard, and delete the sandbox.
This removes the sandbox from the registry.
For Ollama-backed sandboxes, destroy also asks Ollama to unload currently loaded models and clears stale auth proxy state on a best-effort basis.
This command permanently deletes the sandbox and its persistent volume.
All workspace files (SOUL.md, USER.md, IDENTITY.md, AGENTS.md, MEMORY.md, and daily memory notes) are lost.
Back up your workspace first with nemoclaw <name> snapshot create or see Backup and Restore.
If you want to upgrade the sandbox while preserving state, use nemoclaw <name> rebuild instead.
If another terminal has an active SSH session to the sandbox, destroy prints an active-session warning and requires a second confirmation before it proceeds.
Pass --yes, -y, or --force to skip the prompt in scripted workflows.
By default, destroy preserves the shared NemoClaw gateway.
Pass --cleanup-gateway to remove the shared gateway when destroying the last sandbox, or --no-cleanup-gateway to force preservation when environment defaults request cleanup.
nemoclaw <name> policy-addAdd a policy preset to a sandbox. Presets extend the baseline network policy with additional endpoints. Before applying, the command shows which endpoints the preset would open and prompts for confirmation.
To apply a specific preset without the interactive picker, pass its name as a positional argument:
The positional form is required in scripted workflows.
Set NEMOCLAW_NON_INTERACTIVE=1 instead of --yes if you want the same behavior from an environment variable.
If the preset name is unknown or already applied, the command exits non-zero with a clear error.
Custom preset files are tracked with the sandbox that applied them.
policy-list, policy-add, and policy-remove compare the local registry and live gateway state using that sandbox-scoped preset metadata, so custom presets do not appear missing just because they are not part of the built-in preset catalog.
Use --dry-run to audit a preset before applying it:
Apply a custom preset file when you need to grant access to an endpoint that is not covered by a built-in preset:
For batch workflows, apply all preset files from a directory:
Review every host in custom preset files before applying them. Custom presets bypass the built-in preset review process and can widen sandbox egress.
nemoclaw <name> policy-listList available policy presets and show which ones are applied to the sandbox.
The command cross-references the local registry against the live gateway state (via openshell policy get), so it flags presets that are applied in one place but not the other.
This catches desync caused by external edits to the gateway policy or stale registry entries after a manual rollback.
nemoclaw <name> policy-removeRemove a previously applied policy preset from a sandbox. The command lists only the presets currently applied, prompts you to select one, shows the endpoints that would be removed, and asks for confirmation before narrowing egress.
To remove a specific preset non-interactively, pass its name as a positional argument:
Set NEMOCLAW_NON_INTERACTIVE=1 as an alternative to --yes.
If the preset is unknown or not currently applied, the command exits non-zero with a clear error.
Unchecking a preset in the onboard TUI checkbox also removes it from the sandbox.
nemoclaw <name> hosts-addAdd a host alias to the sandbox pod template.
Use this when a sandbox needs a stable LAN-only name, such as a local SearXNG or internal model endpoint, without dropping to docker exec and kubectl patch.
The command validates the hostname and IP address, rejects duplicate hostnames, and patches spec.podTemplate.spec.hostAliases on the sandbox resource.
nemoclaw <name> hosts-listList host aliases configured on the sandbox resource.
nemoclaw <name> hosts-removeRemove a hostname from the sandbox hostAliases list.
nemoclaw <name> channels listList the messaging channels NemoClaw knows about (telegram, discord, slack, wechat, whatsapp) with a short description.
The command is a static reference; it does not consult credentials or the running sandbox.
WeChat and WhatsApp are experimental.
nemoclaw <name> channels add <channel>Register a messaging channel with the sandbox and rebuild so the image picks up the new channel. Channels fall into three login modes:
telegram, discord, slack): the command prompts for any missing token and registers it with the OpenShell gateway.wechat, experimental): the command renders an iLink QR code on the host and you scan it from WeChat on your phone.
On confirm, NemoClaw captures the bot token, registers it with the OpenShell gateway, and stores non-secret per-account metadata (WECHAT_ACCOUNT_ID, WECHAT_BASE_URL, WECHAT_USER_ID) for the in-sandbox bridge.
NemoClaw automatically adds the scanning operator’s WeChat user ID to WECHAT_ALLOWED_IDS.
Supply additional comma-separated IDs to authorize more DM senders.
NemoClaw advertises WeChat for both OpenClaw (the @tencent-weixin/openclaw-weixin plugin) and Hermes (the built-in iLink WeChat adapter).whatsapp, experimental): the command records the channel without a host-side token or OpenShell credential provider.
NemoClaw advertises WhatsApp for OpenClaw and Hermes sandboxes; after rebuild, run openclaw channels login --channel whatsapp for OpenClaw or hermes whatsapp for Hermes.
This intentionally leaves QR-created mutable session state in the sandbox until you unpair it or clear the durable agent state.After registering the channel, NemoClaw asks whether to rebuild immediately.
Running add for an already-configured channel simply overwrites the stored credentials where applicable — the operation is idempotent.
Channel names are trimmed and lowercased before NemoClaw stores credentials, names bridge providers, or prints rebuild messages.
NemoClaw requires the matching built-in network policy preset YAML to be present.
A missing or malformed preset YAML (no network_policies: section) aborts channels add before any token prompt, registry write, or rebuild prompt.
With the preset file in place, NemoClaw applies it to the sandbox before the rebuild so the bridge has egress to its upstream API.
When the apply step itself fails after the registry write on a fresh add, NemoClaw attempts to roll back the bridge providers, the messagingChannels entry, and any staged environment credentials, then exits without prompting for a rebuild; if any gateway-side step (provider detach or delete) fails the rollback continues and prints a Rollback could not fully clean <surfaces> warning so the operator can clean up manually.
When the same failure happens on a re-add of an already-enabled channel, NemoClaw restores the prior messagingChannels entry, restores staged environment credentials when available, restores registry credential hashes, and attempts to re-upsert the prior bridge providers, but flags gateway-providers as residual because the in-flight upsert may have left the gateway with the new token; verify the gateway bridge before relying on the channel.
Restore the preset YAML and re-run nemoclaw <name> channels add <channel>.
For Telegram, Discord, and Slack, a rebuild triggered by channels add also verifies that the selected bridge starts and reports credential, startup, or plugin discovery warnings.
Slack requires both SLACK_BOT_TOKEN (bot user OAuth) and SLACK_APP_TOKEN (app-level Socket Mode token); the command prompts for each in turn.
Optional Slack allowlists come from SLACK_ALLOWED_USERS and SLACK_ALLOWED_CHANNELS at rebuild time.
When NEMOCLAW_NON_INTERACTIVE=1 is set, any missing token fails fast and no rebuild prompt is shown — instead, the change is queued and you are told to run nemoclaw <name> rebuild manually.
If you omit the required <channel> argument, the CLI prints the channels add <channel> usage with the supported channel list instead of falling back to top-level help.
nemoclaw <name> channels remove <channel>Clear the stored credentials for a messaging channel and rebuild the sandbox so the image drops the channel.
Running remove for a channel that was never configured is a no-op against the credentials file and still triggers the rebuild prompt.
When the bridge provider is attached to a live sandbox, NemoClaw detaches it before deleting the provider from the OpenShell gateway.
If the matching built-in policy preset is applied, such as telegram, discord, slack, wechat, or whatsapp, NemoClaw also removes that preset so the upstream API is no longer allow-listed after the channel is gone.
NemoClaw also strips the channel from session.policyPresets so a subsequent onboard --resume does not re-apply the preset on the next rebuild.
For QR-paired channels (today: WhatsApp), NemoClaw destructively clears the in-sandbox session directory before the rebuild so the state_dirs backup does not restore the auth blob and let the channel reconnect:
/sandbox/.openclaw/<channel>/ (for example /sandbox/.openclaw/whatsapp/)./sandbox/.hermes/platforms/<channel>/ (for example /sandbox/.hermes/platforms/whatsapp/).The cleanup tries openshell sandbox exec first and falls back to SSH if the exec wrapper does not return the success sentinel. If both transports fail (the sandbox is stopped, the gateway is down, or SSH cannot reach it) the command refuses to proceed to the rebuild and asks you to start the sandbox and re-run, so a half-removed state cannot leave stale Baileys auth files behind for the next rebuild to restore.
As with channels add, NEMOCLAW_NON_INTERACTIVE=1 skips the rebuild prompt and queues the change for a manual nemoclaw <name> rebuild.
If you omit the required <channel> argument, the CLI prints the channels remove <channel> usage with the supported channel list.
Host-side removal is the supported path because agent channel config is baked into the container image at build time (/sandbox/.openclaw/openclaw.json for OpenClaw and /sandbox/.hermes/.env for Hermes); agent-specific channel removals inside the sandbox would modify the running config but not persist changes across rebuilds.
nemoclaw <name> channels stop <channel>Pause a single messaging bridge (telegram, discord, slack, wechat, or whatsapp) without clearing its credentials.
The channel is marked disabled in the per-sandbox registry, and the sandbox is rebuilt so the onboard step skips registering the bridge with the gateway.
The provider stays registered with the OpenShell gateway, so a later channels start brings the bridge back without re-entering tokens.
Use channels stop instead of channels remove when you want to pause a bridge temporarily. channels remove is destructive to credentials; channels stop is not.
nemoclaw <name> channels start <channel>Re-enable a channel previously paused with channels stop. The channel is removed from the disabled list, the sandbox is rebuilt, and the bridge registers with the gateway again using the stored credentials.
nemoclaw <name> channels statusRun channel-specific runtime diagnostics. For WhatsApp the command probes the sandbox to separately report pairing/session state, the Noise WebSocket connection, inbound event delivery, and policy/config coverage; a paired channel with no observed inbound delivery exits non-zero with verdict idle so an unhealthy bridge cannot pass as healthy.
The probe is bounded by an in-sandbox openshell sandbox exec with a hard timeout, captures only short matched bridge log signals (e.g. connection.open, 401 unauthorized, qr expired), and never forwards message bodies to the host diagnostic output.
nemoclaw <name> skill install <path>Deploy a skill directory to a running sandbox.
The command validates the SKILL.md frontmatter (a name field is required), uploads all non-dot files preserving subdirectory structure, and performs agent-specific post-install steps.
The skill directory must contain a SKILL.md file with YAML frontmatter that includes a name field.
Skill names must contain only alphanumeric characters, dots, hyphens, and underscores.
OpenClaw plugins are a different kind of extension. To install an OpenClaw plugin, see Install OpenClaw Plugins.
Run nemoclaw <name> skill install --help to print usage for this subcommand.
If you pass a plugin-shaped directory to skill install, the CLI prints a plugin-specific hint instead of treating it as a missing skill file.
Files with names starting with . (dotfiles) are skipped and listed in the output.
Files with unsafe path characters are rejected to prevent shell injection.
If the skill already exists on the sandbox, the command updates it in place and preserves chat history. For new installs, the agent session index is refreshed so the agent discovers the skill on the next session.
nemoclaw <name> skill remove <skill>Remove an installed skill from a running sandbox by skill name. The command validates the skill name, removes the sandbox upload directory, and refreshes the agent session index so the remaining skills are rediscovered on the next session.
For OpenClaw, the command also removes the OpenClaw home-directory mirror when present.
Use the skill name from the SKILL.md frontmatter, not the local directory name.
Skill names must contain only alphanumeric characters, dots, hyphens, and underscores, and cannot be . or ...
nemoclaw <name> rebuildUpgrade a sandbox to the current agent version while preserving workspace state.
The command backs up workspace state, destroys the old sandbox (including its host-side Docker image), recreates it with the current image via onboard --resume, and restores workspace state into the new sandbox.
Credentials are stripped from backups before storage.
Policy presets applied to the old sandbox are reapplied to the new one so your egress rules survive the rebuild.
The recorded sandbox GPU mode is preserved across rebuild.
A sandbox onboarded with an explicit GPU opt-out (stored as sandboxGpuMode: "0", plus legacy registry entries that only record gpuEnabled: false) is recreated with the same opt-out, so the inner onboard --resume skips the Docker CDI GPU preflight on hosts without an NVIDIA GPU.
Auto-mode sandboxes remain auto.
If another terminal has an active SSH session to the sandbox, rebuild prints an active-session warning and requires confirmation before destroying the sandbox.
Pass --yes, -y, or --force to skip the prompt in scripted workflows.
The sandbox must be running for the backup step to succeed.
If an archive command reports partial output while still producing usable data, rebuild keeps the captured backup entries and reports only the manifest-defined paths that could not be archived.
If any required state path still cannot be backed up, rebuild exits before destroying the original sandbox.
After restore, the command runs openclaw doctor --fix for cross-version structure repair.
nemoclaw updateCheck for a NemoClaw CLI update and, when requested, run the maintained installer flow. This command is a discoverable CLI wrapper around the supported installer path:
nemoclaw update updates the host-side NemoClaw installation.
The maintained installer flow follows the admin-promoted lkg release tag by default, so it may trail the newest semver or latest tag while validation completes.
It does not replace nemoclaw upgrade-sandboxes; use that command to inspect or rebuild existing sandboxes after the CLI has been updated.
When the command is running from a source checkout, it reports that state and does not replace the checkout with a global package install.
nemoclaw upgrade-sandboxesRebuild sandboxes whose base image is older than the one currently pinned by NemoClaw.
NemoClaw resolves the digest of ghcr.io/nvidia/nemoclaw/sandbox-base:latest from the registry, then compares it against the digest each sandbox was created with.
Sandboxes that match the current digest are left alone.
Each rebuild reuses the same workspace backup-and-restore flow as nemoclaw <name> rebuild, so workspace files survive the upgrade.
If the registry is unreachable (offline or firewalled hosts), NemoClaw falls back to the unpinned :latest tag and reports that the digest could not be resolved instead of failing.
nemoclaw backup-allBack up all registered running sandboxes to ~/.nemoclaw/rebuild-backups/.
Sandboxes that are not running are skipped.
The installer calls backup-all automatically before onboarding to protect against data loss during OpenShell upgrades.
nemoclaw <name> snapshot createCreate a timestamped snapshot of sandbox state.
Snapshots are stored in ~/.nemoclaw/rebuild-backups/<name>/.
Names must be 1 to 63 characters from [A-Za-z0-9._-], start with an alphanumeric character, and cannot look like a version selector (v1, v2, …). Duplicate names per sandbox are rejected; pick a different name or delete the existing snapshot first.
nemoclaw <name> snapshot listList available snapshots for a sandbox as a table of version, name, timestamp, and path.
Versions (v1, v2, …) are computed on read from timestamp-ascending order, so v1 is the oldest snapshot and vN is the newest. Snapshots created before this feature landed are numbered retroactively.
nemoclaw <name> snapshot restore [selector] [--to <dst>] [--force] [--yes|-y]Restore sandbox state from a snapshot. The sandbox must be running before you restore. If no selector is provided, the latest snapshot is used. Restore performs a clean replacement of each state directory, removing files that were added after the snapshot was taken.
The selector accepts any of:
v1, v2, …, vN) from snapshot list.snapshot create --name.Pass --to <dst> to restore the snapshot into a different sandbox instead of the source.
When dst does not exist, it is auto-created by reusing the source sandbox’s container image — no re-onboarding needed.
When dst already exists, snapshot restore --to <dst> refuses by default to avoid silently mutating the destination’s filesystem.
To overwrite an existing destination, pass --force: the command deletes dst, then recreates it from the source’s image and restores the snapshot into the fresh copy.
The --force path prompts interactively to confirm the destination name before deleting.
Pass --yes (or set NEMOCLAW_NON_INTERACTIVE=1) to skip the prompt.
The snapshot selector and source pod image are both validated before any deletion, so a bad selector or unresolvable image cannot destroy dst and only fail afterwards.
When --to names an existing sandbox, restore refuses to overwrite it unless you pass --force.
With --force, NemoClaw confirms the destructive restore unless you also pass --yes or run with NEMOCLAW_NON_INTERACTIVE=1.
Use this path only when the destination sandbox can be replaced by the selected snapshot.
nemoclaw <name> share mountMount the sandbox filesystem on the host machine via SSHFS for bidirectional file sharing. Files edited on the host appear instantly inside the sandbox, and vice versa.
Prerequisites:
sshfs must be installed on the host (sudo apt-get install sshfs on Linux, brew install macfuse && brew install sshfs on macOS).sshfs and prints a connect, then ls <path> check when the probe fails.openssh-sftp-server base image update must be rebuilt with nemoclaw <name> rebuild.~/.nemoclaw/mounts/<name> lives on a read-only filesystem, pass an explicit writable path as the second positional argument.nemoclaw <name> share unmountUnmount a previously mounted sandbox filesystem.
nemoclaw <name> share statusCheck whether the sandbox filesystem is currently mounted.
openshell termOpen the OpenShell TUI to monitor sandbox activity and approve network egress requests. Run this on the host where the sandbox is running.
For a remote Brev instance, SSH to the instance and run openshell term there, or use a port-forward to the gateway.
nemoclaw tunnel startStart optional host auxiliary services.
This is the cloudflared tunnel when cloudflared is installed, which exposes the dashboard with a public URL.
Channel messaging (Telegram, Discord, Slack) is not started here; it is configured during nemoclaw onboard and runs through OpenShell-managed constructs.
By default, NemoClaw starts a Cloudflare quick tunnel and prints the generated *.trycloudflare.com URL when cloudflared reports it.
Set CLOUDFLARE_TUNNEL_TOKEN to start a Cloudflare named tunnel instead.
The named tunnel hostname and localhost:<dashboard-port> route must already be configured in the Cloudflare dashboard.
NemoClaw passes the token to cloudflared through the TUNNEL_TOKEN environment variable, so the token does not appear in the cloudflared command-line arguments.
nemoclaw start remains as a deprecated alias that prints a warning and delegates to tunnel start.
nemoclaw tunnel stopStop host auxiliary services that nemoclaw tunnel start started (for example cloudflared).
NemoClaw also tries to stop the OpenClaw gateway inside the selected or default sandbox, which stops in-sandbox messaging channel polling for that sandbox.
Use nemoclaw <name> channels stop <channel> when you only want to pause one bridge without stopping the gateway.
nemoclaw stop remains as a deprecated alias that prints a warning and delegates to tunnel stop.
nemoclaw startDeprecated. Use nemoclaw tunnel start instead.
This command remains as a compatibility alias to nemoclaw tunnel start.
nemoclaw stopDeprecated. Use nemoclaw tunnel stop instead.
This command remains as a compatibility alias to nemoclaw tunnel stop.
nemoclaw statusShow the sandbox list and the status of host auxiliary services (for example cloudflared).
Pass --json for machine-readable output with registered sandboxes, service state, inference routes, and messaging health.
For each listed sandbox, the text output includes the configured inference provider and model plus whether an active SSH session is connected.
When at least one sandbox is registered and the named NemoClaw gateway is unreachable, unhealthy, or attached to a different sandbox, the command prints a gateway: down [state] (reason) line between the sandbox list and the host-service list.
The command classifies the failing layer when possible: the named gateway port is not accepting connections, the named gateway is running but not Connected, the active OpenShell gateway points at a different name, or the named gateway is not configured at all.
It then suggests openshell gateway start --name nemoclaw or nemoclaw onboard --resume to recover.
It exits with code 1 so shell scripts and CI can detect the degraded state from $?.
For --json, the structured output includes gatewayHealth, and the exit code is set after the report is generated.
A clean machine with no registered sandboxes keeps the legacy 0 exit because no gateway is expected to be configured yet.
If cloudflared is installed but not running, the host-service section reports whether the PID file is missing, invalid, or points at a dead process, then suggests nemoclaw tunnel start as the recovery command.
nemoclaw inference getShow the active live inference provider and model from the NemoClaw-managed OpenShell gateway. Use this command when you want the direct runtime route without the rest of the sandbox status output.
nemoclaw inference setSwitch the active inference provider or model for a NemoClaw-managed OpenClaw or Hermes sandbox. The command updates the OpenShell gateway route, patches the selected running agent config so it matches the route, recomputes the config hash, and updates the NemoClaw registry.
For OpenClaw, the patch updates the OpenClaw config provider namespace and selected model.
By default, the command syncs the default registered sandbox.
Pass both --provider and --model when you want NemoClaw to update the OpenShell inference route and sync the selected sandbox’s agent config.
If you only want the lower-level OpenShell route operation, run openshell inference set -g nemoclaw --model <model> --provider <provider> directly.
When either flag is missing, nemoclaw inference set prints that OpenShell command instead of an oclif flag-validation error.
Supported provider names are nvidia-prod, nvidia-nim, nvidia-router, openai-api, anthropic-prod, compatible-anthropic-endpoint, gemini-api, compatible-endpoint, hermes-provider, ollama-local, and vllm-local.
Use --no-verify only when OpenShell cannot verify the provider at switch time but you have already confirmed the provider and credential.
nemoclaw setupThe nemoclaw setup command is deprecated.
Use nemoclaw onboard instead.
This command remains as a compatibility alias to nemoclaw onboard and accepts the same flags: --non-interactive, --resume, --fresh, --recreate-sandbox, --gpu / --no-gpu, --from, --name, --sandbox-gpu / --no-sandbox-gpu, --sandbox-gpu-device, --agent, --control-ui-port, --yes / -y, --no-ollama-autostart, --yes-i-accept-third-party-software.
nemoclaw setup-sparkThe nemoclaw setup-spark command is deprecated.
Use the standard installer and run nemoclaw onboard instead, because current OpenShell releases handle the older DGX Spark cgroup behavior.
This command remains as a compatibility alias to nemoclaw onboard and accepts the same flags: --non-interactive, --resume, --fresh, --recreate-sandbox, --gpu / --no-gpu, --from, --name, --sandbox-gpu / --no-sandbox-gpu, --sandbox-gpu-device, --agent, --control-ui-port, --yes / -y, --no-ollama-autostart, --yes-i-accept-third-party-software.
nemoclaw debugCollect diagnostics for bug reports.
Gathers system info, Docker state, gateway logs, and sandbox status into a summary or tarball.
Use --sandbox <name> to target a specific sandbox, --quick for a smaller snapshot, or --output <path> to save a tarball that you can attach to an issue.
If --output is set and the tarball cannot be written (for example, the destination directory is missing or read-only), the command exits non-zero so scripts can detect the failure.
The tarball is written to a temporary sibling and renamed on success, so a pre-existing file at --output is preserved when tar fails.
When --sandbox is supplied explicitly (via flag or one of NEMOCLAW_SANDBOX_NAME, NEMOCLAW_SANDBOX, SANDBOX_NAME — flag wins, then the env vars in that order), the name must match a registered sandbox; if openshell sandbox list succeeds it must also appear in the live gateway. An unknown or stale name exits non-zero with an actionable error that names the sandbox and reports the source env var when applicable, and no tarball is written. Without an explicit name, nemoclaw debug falls back to the registry’s default sandbox (and warns if that default is stale).
nemoclaw credentials listList the provider credentials registered with the OpenShell gateway. Values are not printed.
nemoclaw credentials reset <PROVIDER>Remove a provider credential from the OpenShell gateway by provider name.
After removal, re-running nemoclaw onboard re-prompts for that provider’s credential.
Run nemoclaw credentials list first if you are not sure of the provider name.
nemoclaw gcRemove orphaned sandbox Docker images from the host.
Each nemoclaw onboard builds an openshell/sandbox-from:<timestamp> image (~765 MB).
The destroy and rebuild commands clean up the image automatically, but images from older NemoClaw versions or interrupted operations may remain.
This command lists all openshell/sandbox-from:* images, cross-references the sandbox registry, and removes any that are no longer associated with a registered sandbox.
nemoclaw uninstallRun uninstall.sh to remove NemoClaw sandboxes, gateway resources, related images and containers, and local state.
The CLI runs the local uninstall.sh shipped with the installed npm package.
If that local script is missing, the CLI does not auto-fetch a remote copy.
It prints the versioned URL of the matching uninstall.sh so you can download, review, and run it manually.
Uninstall also stops any orphaned openshell host processes left behind by previous onboard or destroy cycles, including openshell sandbox create, openshell ssh-proxy, and SSH sessions spawned by OpenShell.
Earlier releases only stopped openshell forward processes, so those orphans accumulated across runs.
For Local Ollama setups, uninstall also stops matching Ollama auth proxy processes before deleting ~/.nemoclaw state so stale proxy listeners do not block a later reinstall.
On Linux, uninstall removes ~/.local/state/nemoclaw, which contains Docker-driver gateway PID files, SQLite data, audit logs, and VM-driver state.
~/.nemoclaw/To avoid uninstall destroying host-side user data, uninstall preserves the following entries under ~/.nemoclaw/ by default:
Uninstall removes every other entry under ~/.nemoclaw/ (gateway source, runtime state, the Ollama auth proxy PID file, etc.).
Decision matrix:
The preserved entries survive uninstall as inert files on disk.
Reinstall NemoClaw and re-onboard the sandbox before nemoclaw <name> snapshot restore can use them.
nemoclaw uninstall vs. the hosted uninstall.shBoth forms execute the same uninstall.sh with the same flags, but differ in where the script comes from and how much they trust the network.
Use nemoclaw uninstall by default.
Use the hosted curl … | bash form only when the CLI is broken or already partially removed.
NemoClaw reads the following environment variables to configure service ports, onboarding behavior, and lifecycle defaults.
Set them before running nemoclaw onboard or any command that starts services.
All ports must be non-privileged integers between 1024 and 65535.
If a port value is not a valid integer or falls outside the allowed range, the CLI exits with an error.
NEMOCLAW_GATEWAY_PORT also cannot overlap the configured dashboard, vLLM, Ollama, or Ollama proxy ports, and cannot use the dashboard auto-allocation range 18789 through 18799 or the default inference/proxy ports 8000, 11434, and 11435.
On non-WSL hosts, NEMOCLAW_OLLAMA_PORT and NEMOCLAW_OLLAMA_PROXY_PORT must be different.
If you run Ollama on port 11435, set NEMOCLAW_OLLAMA_PROXY_PORT to another free port before onboarding.
NEMOCLAW_GATEWAY_BIND_ADDRESS accepts only 127.0.0.1 and 0.0.0.0.
Binding the OpenShell gateway to 0.0.0.0 may make it reachable from other hosts on the network.
NEMOCLAW_DASHBOARD_BIND controls the dashboard or API port forward bind address.
By default the forward stays on 127.0.0.1 (loopback only).
Set NEMOCLAW_DASHBOARD_BIND=0.0.0.0 before nemoclaw onboard (or nemoclaw <sandbox> connect) to bind the forward on all interfaces, which is useful when the host is reached over SSH or a cloud workstation.
Only 0.0.0.0 enables the remote bind; other values are ignored.
When the remote bind is opted in, the dashboard auth flow accepts non-loopback origins.
These overrides apply to onboarding, status checks, health probes, and the uninstaller.
Defaults are unchanged when no variable is set.
If NEMOCLAW_DASHBOARD_PORT or the port from CHAT_UI_URL is already occupied by another sandbox, onboarding scans 18789 through 18799 and uses the next free dashboard port.
Pass --control-ui-port <N> to require a specific port.
For OpenClaw, NEMOCLAW_DASHBOARD_PORT controls the OpenClaw dashboard forward.
These variables let you tune onboarding without editing the Dockerfile or passing repeated flags.
Set them before running nemoclaw onboard.
OpenClaw-specific build-time agent configuration:
Set NEMOCLAW_OLLAMA_INSTALL_MODE=system to run the official https://ollama.com/install.sh installer, which uses sudo, writes to /usr/local, and configures systemd.
Set NEMOCLAW_OLLAMA_INSTALL_MODE=user to extract the release tarball to ${HOME}/.local without sudo and launch the daemon manually without systemd persistence.
Leave NEMOCLAW_OLLAMA_INSTALL_MODE empty or unset to let NemoClaw auto-detect the mode.
Auto-detection selects system when the current user is root or passwordless sudo works.
Auto-detection selects user in non-interactive runs without passwordless sudo.
An interactive shell falls back to system so the official installer can prompt for the password.
NemoClaw rejects any other value.
On upgrades, NemoClaw rejects user because a user-local install cannot replace the system daemon on :11434.
On upgrades, NemoClaw also rejects system under NEMOCLAW_NON_INTERACTIVE=1 when passwordless sudo is unavailable because the installer would hang on a hidden sudo prompt.
The run exits with an actionable diagnostic instead.
These flags toggle optional behaviors during onboarding; set them before running nemoclaw onboard.
Set NEMOCLAW_TRACE=1 before nemoclaw onboard to write an OpenTelemetry-style JSON trace for the run.
When no explicit path is provided, NemoClaw writes a timestamped file under .e2e/traces/ in the current working directory.
Use NEMOCLAW_TRACE_DIR to choose the output directory, or NEMOCLAW_TRACE_FILE to choose the exact output file.
Trace artifacts include onboard phase timing, sandbox and dashboard readiness waits, policy application, inference validation probes, curl probe results, and sandbox build progress events. Secret-like metadata such as API keys, bearer tokens, cookies, and credentials is redacted before the file is written.
These tune how long internal probes wait before giving up. Defaults are sized for typical hardware; override only if you see false-positive timeouts.
The following environment variables tune onboard-time wall-clock limits.
Set them before running nemoclaw onboard if a slow connection or large model pull risks tripping the default.
If a timeout fires, onboarding emits the elapsed budget plus a hint to raise the relevant variable.
The Ollama pull preserves its partial download for the next attempt.
The readiness wait deletes the orphaned sandbox first so the next nemoclaw onboard starts clean.
These flags change defaults for commands that manage existing sandboxes.
nemoclaw setupDeprecated. Use nemoclaw onboard instead.
Running nemoclaw setup now delegates directly to nemoclaw onboard.