Question 1

Has NVIDIA acknowledged these security findings?

Accepted Answer

NVIDIA has acknowledged NemoClaw's alpha status and the expectation of "rough edges." GitHub issue #272 (policy preset gap) is publicly tracked in the NemoClaw repository. The Snyk Labs findings were published in a responsible disclosure timeline. NVIDIA has not published specific patch timelines for the /tools/invoke bypass or the TOCTOU race condition. Enterprise teams should track the NemoClaw GitHub repository's security advisories and subscribe to NVIDIA's security notification list.

Question 2

Should we wait for these issues to be fixed before deploying NemoClaw?

Accepted Answer

That depends on your risk tolerance and alternatives. If your current setup is bare OpenClaw with no sandbox, deploying NemoClaw today — even with these known issues — is a security improvement. If your current setup already has Docker container isolation, network segmentation, and monitoring, NemoClaw adds incremental value but the known bypasses mean you should not remove your existing security layers. Deploy NemoClaw as an additional layer, not a replacement for defense-in-depth. See our NemoClaw limitations analysis for the full gap assessment.

Question 3

Do these findings affect NemoClaw's local inference privacy guarantees?

Accepted Answer

The privacy router's local-only mode (blocking all external network traffic) is separate from the sandbox bypass findings. The /tools/invoke bypass allows file reading; it does not bypass the privacy router's network controls. If your NemoClaw deployment uses local vLLM inference with the privacy router in local-only mode and the network namespace configured to block all external traffic, the inference data does not leave the machine even if the sandbox filesystem controls are bypassed. The privacy guarantee and the sandbox guarantee are independent security layers.

Question 4

How can we detect if these bypasses are being exploited in our deployment?

Accepted Answer

Monitor NemoClaw's audit logs for: (1) /tools/invoke calls to filesystem-related tools when workspaceAccess is "none" (indicates Finding 1 exploitation), (2) rapid repeated file access attempts to the same path (indicates TOCTOU race attempts), (3) outbound HTTP requests with unusually large POST bodies to allowed endpoints (indicates data exfiltration through Finding 3/4). Set up alerting on these patterns. ManageMyClaw's Enterprise Managed Care includes automated monitoring for all four bypass patterns with SOC-compatible alert formatting.

Tag: Security Research

NemoClaw Sandbox Escape Research: What Snyk Labs and the Community Found