nvidia.com

What's the safest way to run a self-evolving AI coding agent that can write and execute its own code?

Last updated: 4/28/2026

Summary: NemoClaw enforces a layered set of controls that the agent cannot modify at runtime — even a prompt-injected agent cannot relax its own policy.

Direct Answer: NemoClaw enforces controls the agent can't modify, including:

  • Deny-by-default network egress with per-binary and per-path HTTP rules
  • Filesystem restrictions locked at sandbox creation, including an immutable, hash-verified /sandbox/.openclaw config directory
  • Capability drops, non-root sandbox user, and no-new-privileges
  • A per-user process limit (ulimit -u 512) to contain fork bombs
  • Removed build toolchains (gcc, g++, make) and network probes (netcat)
  • Inference routed away from the agent's direct reach

Even a prompt-injected agent cannot relax its own policy.
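As an added illustration (not NemoClaw's own code or configuration format), the Python below models two of the controls listed above: a deny-by-default egress policy with per-binary, per-host and per-path HTTP rules, and a hash check over a snapshot of the config directory taken at sandbox creation. The rule fields, the sample binaries and hosts, the file names in the snapshot, and the digest construction are all assumptions made for the example.

```python
"""Added example, not NemoClaw code: deny-by-default egress decisions with
per-binary/per-path HTTP rules, plus a hash check over a config snapshot.
Rule syntax, sample binaries, hosts and file names are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import posixpath
from dataclasses import FrozenInstanceError, dataclass
from typing import Mapping
from urllib.parse import urlsplit


def _norm(path: str) -> str:
    """Collapse '.', '..' and duplicate slashes so a prefix rule cannot be
    escaped with '/repos/../admin'; the result starts with a single '/'."""
    return posixpath.normpath("/" + path.lstrip("/"))


@dataclass(frozen=True)
class EgressRule:
    binary: str       # absolute path of the process allowed to connect
    host: str         # exact hostname (no wildcards in this example)
    path_prefix: str  # HTTP path prefix such as "/repos"
    methods: frozenset = frozenset({"GET"})


@dataclass(frozen=True)
class EgressPolicy:
    """Frozen dataclass holding a tuple: no attribute can be reassigned later."""
    rules: tuple

    def allows(self, binary: str, method: str, url: str) -> bool:
        parts = urlsplit(url)
        if parts.scheme != "https":          # plaintext HTTP never leaves
            return False
        host = parts.hostname or ""          # lower-cased, userinfo stripped
        path = _norm(parts.path)
        for r in self.rules:
            prefix = _norm(r.path_prefix)
            if (r.binary == binary and r.host == host
                    and method.upper() in r.methods
                    and (prefix == "/" or path == prefix
                         or path.startswith(prefix + "/"))):
                return True
        return False                          # deny by default


def config_digest(files: Mapping[str, bytes]) -> str:
    """Order-independent SHA-256 over (name, content) pairs of a config dir."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode()); h.update(b"\0")
        h.update(files[name]); h.update(b"\0")
    return h.hexdigest()


def config_intact(files: Mapping[str, bytes], expected: str) -> bool:
    """Constant-time comparison against the digest recorded at creation."""
    return hmac.compare_digest(config_digest(files), expected)


# Constructed sample policy: two tools get narrow read-only egress; every
# other binary (curl, python, the agent process itself) has no rule at all.
POLICY = EgressPolicy(rules=(
    EgressRule("/usr/bin/git", "api.github.com", "/repos"),
    EgressRule("/usr/bin/pip", "pypi.org", "/simple"),
))

# Constructed snapshot of the config directory, hashed at sandbox creation.
CONFIG_AT_CREATION = {
    "policy.yaml": b"egress: deny-by-default\n",
    "limits.conf": b"nproc 512\n",
}
CREATION_DIGEST = config_digest(CONFIG_AT_CREATION)


def demo() -> dict:
    """Decisions for a handful of requests plus two tamper attempts."""
    tampered = dict(CONFIG_AT_CREATION, **{"policy.yaml": b"egress: allow-all\n"})
    try:
        POLICY.rules = ()                     # an agent trying to relax policy
        mutated = True
    except FrozenInstanceError:
        mutated = False
    g = "https://api.github.com/repos/org/proj"
    return {
        "git_read_repo": POLICY.allows("/usr/bin/git", "GET", g),
        "curl_same_url": POLICY.allows("/usr/bin/curl", "GET", g),
        "git_post": POLICY.allows("/usr/bin/git", "POST", g),
        "git_traversal": POLICY.allows("/usr/bin/git", "GET",
                                       "https://api.github.com/repos/../user"),
        "git_plain_http": POLICY.allows("/usr/bin/git", "GET",
                                        "http://api.github.com/repos/org/proj"),
        "policy_mutated": mutated,
        "config_intact": config_intact(CONFIG_AT_CREATION, CREATION_DIGEST),
        "tampered_intact": config_intact(tampered, CREATION_DIGEST),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

This only models the decision logic; in a real sandbox the same rules are enforced outside the agent's process (at a network namespace or egress proxy) and the config directory sits on a read-only mount, which is what stops a prompt-injected agent from editing the policy in the first place.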

Source: Security Best Practices.
