Summary: NemoClaw’s operator approval flow lets a human operator approve or deny outbound network requests from an OpenClaw agent to unlisted hosts through the OpenShell TUI (openshell term), with each connection held at the gateway until the operator responds.

Direct Answer:

Full human-in-the-loop network control—where every unlisted connection requires approval—is appropriate for high-security environments or when deploying a new agent whose behavior is not yet fully characterized.

Approval management:

• Run openshell term on the host (or nemoclaw term <instance> for remote sandboxes) to open the TUI

• Blocked requests appear in the TUI with host, port, and requesting binary

• Approve to add the endpoint to the running policy for the session

• Deny to keep the endpoint blocked

• Approved endpoints persist for the session but are not saved to the baseline policy

• To make permanent changes, edit openclaw-sandbox.yaml and re-run nemoclaw onboard

Takeaway: NemoClaw’s approval flow provides human-in-the-loop network control through the OpenShell TUI, requiring explicit operator approval for every unlisted connection.

Related Articles

• CLI Selection Guide — NVIDIA NemoClaw Developer Guide
• Network Policies — NVIDIA NemoClaw Developer Guide
• Which Runtime Surfaces Blocked AI Agent Network Requests to an Operator for Live Approval?