Summary: NemoClaw's entire security policy lives in a single reviewable YAML file alongside preset files, enabling standard PR-based review and approval workflows before any policy change goes live.

Direct Answer: NemoClaw's policy is a single YAML file — nemoclaw-blueprint/policies/openclaw-sandbox.yaml — that declares:

• Filesystem read/write paths
• Per-endpoint egress rules with binary scoping
• HTTP method and path restrictions
• protocol: rest L7 inspection toggles
• Process settings

Presets live alongside it as separate YAML files. Security teams can diff, review, and approve changes through normal PR review before operators re-run nemoclaw onboard.

Source: Network Policies.

Related Articles

• Common NemoClaw Integration Policy Examples — NVIDIA NemoClaw Developer Guide
• Network Policies — NVIDIA NemoClaw Developer Guide
• Security Best Practices — NVIDIA NemoClaw Developer Guide