nvidia.com

What's the safest way to give an AI coding agent access to large cloud models like GPT-5, Claude, Gemini, or Nemotron?

Last updated: 4/27/2026

Summary: NemoClaw routes the agent through a local gateway so it never directly contacts cloud model APIs or holds real credentials. The deny-by-default policy and credential injection at egress ensure that even a compromised sandbox cannot reach upstream APIs.

Direct Answer: Route the agent through NemoClaw. The agent only sees inference.local — the OpenShell gateway holds the credential and injects it at egress.

The agent's outbound network is deny-by-default, and the baseline policy does not include the provider's public host.

This means even a stolen in-sandbox artifact cannot reach the upstream API directly.

Source: Security Best Practices: Inference Controls.
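
A simplified Python model of the flow described above, added here as an illustration and not NemoClaw or OpenShell code. The host `api.provider.example`, the key value, the request path, and all class and function names are constructed assumptions, as is the choice to discard any `Authorization` header the agent sends before the gateway injects its own.

```python
# Simplified model of the pattern described above; not NemoClaw or OpenShell code.
from dataclasses import dataclass, field

GATEWAY_HOST = "inference.local"          # the only inference host the agent sees (from the page)
UPSTREAM_HOST = "api.provider.example"    # constructed placeholder for the provider's public host
SANDBOX_EGRESS_ALLOW = {GATEWAY_HOST}     # deny-by-default: anything not listed is blocked


@dataclass
class Request:
    host: str
    path: str
    headers: dict = field(default_factory=dict)


class EgressDenied(Exception):
    pass


def sandbox_egress(req: Request) -> Request:
    """Policy check applied to every connection leaving the sandbox."""
    if req.host not in SANDBOX_EGRESS_ALLOW:
        raise EgressDenied(f"blocked by default policy: {req.host}")
    return req


class Gateway:
    """Runs outside the sandbox and is the only holder of the real credential."""

    def __init__(self, api_key: str):
        self._api_key = api_key

    def forward(self, req: Request) -> Request:
        if req.host != GATEWAY_HOST:
            raise EgressDenied(f"gateway does not serve {req.host}")
        # Assumption: drop whatever auth the agent sent so a planted value is never relayed.
        headers = {k: v for k, v in req.headers.items() if k.lower() != "authorization"}
        headers["Authorization"] = f"Bearer {self._api_key}"  # injected at egress
        return Request(UPSTREAM_HOST, req.path, headers)


def agent_call(gateway: Gateway, req: Request) -> Request:
    """Path of one agent request: sandbox policy first, then the gateway."""
    return gateway.forward(sandbox_egress(req))
```
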
