
Customize the network policy

The NemoClaw sandbox operates under a strict-by-default network policy. Only endpoints listed in nemoclaw-blueprint/policies/openclaw-sandbox.yaml are allowed by default. You can extend this policy through static changes to the policy file, dynamic updates to a running sandbox, or by applying a preset for a common service.

Prerequisites

  • The NemoClaw source repository for static changes.
  • A running NemoClaw sandbox for dynamic changes.
  • The OpenShell CLI on your PATH.

Static changes

Static changes modify the baseline policy file. They take effect the next time the sandbox is created or re-onboarded.
Step 1: Edit the policy file

Open nemoclaw-blueprint/policies/openclaw-sandbox.yaml. Each entry in the network_policies section defines an endpoint group. The policy file uses the following structure:
network_policies:
  my_service:
    name: my_service
    endpoints:
      - host: api.example.com
        port: 443
        protocol: rest
        enforcement: enforce
        tls: terminate
        rules:
          - allow: { method: GET, path: "/**" }
          - allow: { method: POST, path: "/api/**" }
    binaries:
      - { path: /usr/local/bin/openclaw }
The fields are:
  • endpoints — Host, port, and HTTP rules for each allowed destination.
  • binaries — Executables permitted to use this endpoint group.
  • rules — HTTP methods and path patterns permitted on a given endpoint (nested under each endpoints entry).
Step 2: Re-run onboard

Apply the updated policy by re-running the onboard wizard:
nemoclaw onboard
The wizard picks up the modified policy file and applies it to the sandbox.
Step 3: Verify the policy

Confirm the sandbox is running with the new configuration:
openclaw nemoclaw status

Dynamic changes

Dynamic changes apply a policy update to a running sandbox without restarting it. They are useful for testing or for temporarily allowing access to a new endpoint.
Step 1: Create a policy file

Write a YAML file with the additional endpoints. Use the same format as the baseline policy:
network_policies:
  pypi:
    name: pypi
    endpoints:
      - host: pypi.org
        port: 443
        protocol: rest
        enforcement: enforce
        tls: terminate
        rules:
          - allow: { method: GET, path: "/**" }
      - host: files.pythonhosted.org
        port: 443
        rules:
          - allow: { method: GET, path: "/**" }
    binaries:
      - { path: /usr/bin/python3 }
      - { path: /usr/local/bin/pip }
Step 2: Apply the policy

Push the policy update to the running sandbox:
openshell policy set ./my-policy.yaml
The change takes effect immediately — no sandbox restart is required.
Dynamic changes apply only to the current session. When the sandbox stops, the running policy resets to the baseline defined in openclaw-sandbox.yaml. To make changes permanent, edit the static policy file and re-run nemoclaw onboard.

Policy presets

The nemoclaw-blueprint/policies/presets/ directory contains ready-to-use policy files for common services. Apply a preset dynamically with openshell policy set:
Slack preset (slack.yaml): allows the Slack API, webhooks, and API subdomain on port 443:
openshell policy set nemoclaw-blueprint/policies/presets/slack.yaml
Endpoints: slack.com, api.slack.com, hooks.slack.com
To make a preset permanent, copy the network_policies block from the preset file into openclaw-sandbox.yaml and re-run nemoclaw onboard.

Policy file field reference

| Field | Type | Description |
|---|---|---|
| name | string | Unique identifier for this policy group |
| endpoints[].host | string | Hostname to allow |
| endpoints[].port | integer | Port number (typically 443) |
| endpoints[].protocol | string | Protocol type, e.g. rest |
| endpoints[].enforcement | string | enforce to block violations, audit to log only |
| endpoints[].tls | string | terminate to inspect TLS traffic |
| endpoints[].rules[].allow.method | string | HTTP method: GET, POST, PUT, PATCH, DELETE, or * |
| endpoints[].rules[].allow.path | string | Path glob, e.g. /** or /api/** |
| binaries[].path | string | Absolute path to the binary allowed to use these endpoints |
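To see what a policy's allow rules actually admit, and to catch settings that weaken the strict default before re-running onboard, here is an added example; it is not part of the NemoClaw or OpenShell code. It evaluates a request against an endpoint's rules and lints a parsed policy. The glob dialect (`**` spanning path segments, `*` staying within one) and the inline dict (the parsed form of the page's my_service example) are assumptions.

```python
import re

# Constructed: parsed form of the page's my_service example (as yaml.safe_load returns it).
POLICY = {"network_policies": {"my_service": {
    "name": "my_service",
    "endpoints": [{
        "host": "api.example.com", "port": 443, "protocol": "rest",
        "enforcement": "enforce", "tls": "terminate",
        "rules": [{"allow": {"method": "GET", "path": "/**"}},
                  {"allow": {"method": "POST", "path": "/api/**"}}],
    }],
    "binaries": [{"path": "/usr/local/bin/openclaw"}],
}}}

def glob_to_regex(pattern: str) -> re.Pattern:
    """Assumed glob dialect: '/**' matches the prefix itself and any number of
    segments below it, '*' matches within one segment, the rest is literal."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out += "(?:/.*)?"          # '/api/**' admits '/api' and '/api/v1/x'
            i += 3
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")

def request_allowed(endpoint: dict, method: str, path: str) -> bool:
    """True if any allow rule on this endpoint admits the method and path."""
    for rule in endpoint.get("rules", []):
        allow = rule["allow"]
        if allow["method"] in ("*", method.upper()) and glob_to_regex(allow["path"]).match(path):
            return True
    return False

def lint_policy(policy: dict) -> list:
    """Flag audit-only enforcement, catch-all rules, and non-absolute binary paths."""
    findings = []
    for group in policy["network_policies"].values():
        for ep in group["endpoints"]:
            where = f"{group['name']}:{ep['host']}"
            if ep.get("enforcement") == "audit":
                findings.append(f"{where}: audit mode logs violations but does not block")
            for rule in ep.get("rules", []):
                if rule["allow"]["method"] == "*" and rule["allow"]["path"] == "/**":
                    findings.append(f"{where}: rule allows every method on every path")
        for b in group.get("binaries", []):
            if not b["path"].startswith("/"):
                findings.append(f"{group['name']}: binary path {b['path']!r} is not absolute")
    return findings
```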

See also

  • Approve network requests: use the TUI to allow or block requests from the running agent in real time.
  • Network policies reference: baseline policy listing, filesystem rules, and the full operator approval flow.
