NemoClaw nemoclaw-user-configure-security

Presents a risk framework for every configurable security control in NemoClaw. Use when evaluating security posture, reviewing sandbox security defaults, or assessing control trade-offs. Trigger keywords: nemoclaw security best practices, sandbox security controls risk framework, nemoclaw credential storage, credentials.json, api key security, openclaw security controls, nemoclaw security boundary, prompt injection, tool access control.

install
source · Clone the upstream repo
git clone https://github.com/NVIDIA/NemoClaw
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/NVIDIA/NemoClaw "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.agents/skills/nemoclaw-user-configure-security" ~/.claude/skills/nvidia-nemoclaw-nemoclaw-user-configure-security && rm -rf "$T"
manifest: .agents/skills/nemoclaw-user-configure-security/SKILL.md
source content
<!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. -->
<!-- SPDX-License-Identifier: Apache-2.0 -->

NemoClaw Security Best Practices: Controls, Risks, and Posture Profiles

References

  • Load references/best-practices.md when evaluating security posture, reviewing sandbox security defaults, or assessing control trade-offs. Presents a risk framework for every configurable security control in NemoClaw.
  • Load references/openclaw-controls.md when reviewing the security boundary between NemoClaw and OpenClaw or assessing what NemoClaw does not cover. Lists OpenClaw security controls that operate independently of NemoClaw, including prompt injection detection, tool access control, rate limiting, environment variable policy, audit framework, supply chain scanning, messaging access policy, context visibility, and safe regex.
  • Load references/credential-storage.md when reviewing how credentials are handled, locating a specific credential file, or assessing the risk of the unencrypted-at-rest default. Covers where NemoClaw stores provider credentials, the file permissions applied, and the trade-offs of plaintext local storage.