By Adam Conway
Publication Date: 2026-04-04 00:00:00
A couple of months back, I wrote about why you should stop using OpenClaw. The security vulnerabilities were bad, the architecture was broken by design, and the project’s maintainers seemed more interested in shipping features than fixing the security issues that put users at risk. Since then, OpenClaw has only grown. It has almost 350,000 stars on GitHub, a marketplace full of third-party skills, and a community that treats it like the future of personal AI. Nvidia clearly agreed, because at GTC 2026, the company announced NemoClaw, a security-focused stack designed to wrap OpenClaw in the guardrails it needs.
As someone who isn’t a fan of OpenClaw for those security reasons, I decided to give NemoClaw a try. I’ve been running it over the past few days on the Lenovo ThinkStation PGX, trying to use it as my daily AI assistant. My OpenClaw instance even gave itself a name, Quill, which I thought was charming. And to be fair, there are things NemoClaw gets right. The sandbox model is smart, the policy filtering is aggressive, and Nvidia put thought into the containment architecture.
However, after spending time with it, I still don’t think NemoClaw is the answer. I’ve been dealing with bugs and working around its limitations, and I’ve had to experience all of the downsides of a sandbox model like this while also failing to see much of the actual upside. Can it make a weather request out of the box? No, because it’s blocked. Does this solve prompt injection?…
