# NemoClaw vs Claude Code Security

An honest comparison of security architectures. NemoClaw is NVIDIA's enterprise layer on top of OpenClaw. Claude Code is Anthropic's agent platform. They solve security differently.

## Architecture comparison

### NemoClaw (4 security layers)

| Layer | Mechanism | Enforcement |
|-------|-----------|-------------|
| Network | Block non-allowlisted outbound | Kernel (netns) |
| Filesystem | Restrict to /sandbox and /tmp | Kernel (Landlock) |
| Process | Block privilege escalation | Kernel (seccomp) |
| Inference | Route API calls through gateway | Proxy |

All enforcement is out-of-process. The agent cannot override its own constraints because they are enforced by the Linux kernel.

### Claude Code (3 security layers)

| Layer | Mechanism | Enforcement |
|-------|-----------|-------------|
| Permissions | Allow/deny lists, modes | Claude Code runtime |
| Hooks | PreToolUse/PostToolUse scripts | Shell scripts |
| Sandbox | macOS sandbox-exec | OS-level |

Hooks run in-process (same machine) but as separate shell processes. The agent cannot modify hook scripts during execution because file writes can be restricted.

## Where NemoClaw wins

1. **Kernel-level isolation.** Landlock + seccomp + network namespaces cannot be bypassed by the agent, period. Claude Code hooks can theoretically be circumvented if permission mode is too permissive.
2. **Enterprise compliance.** NemoClaw is designed for SOC2, audit trails, OpenTelemetry integration. Claude Code has basic logging via hooks but no compliance framework.
3. **Multi-tenant safety.** NemoClaw sandboxes isolate agents from each other. Claude Code agents share the host environment (worktree isolation helps but is git-level, not OS-level).

## Where Claude Code wins

1. **Flexibility.** Hooks can contain any logic. NemoClaw policies are declarative YAML with fixed categories. If you need custom rules, Claude Code is easier to extend.
2. **No infrastructure.** NemoClaw requires Docker, 4 vCPU, 8GB RAM, a 2.4GB sandbox image. Claude Code hooks are bash scripts.
3. **Speed.** No container startup. Hooks add milliseconds, not seconds.
4. **Ecosystem maturity.** Claude Code's permission model is battle-tested across millions of sessions. NemoClaw is in early alpha (announced March 2026).

## Known vulnerabilities

- **OpenClaw:** CVE-2026-25253 (CVSS 8.8) allowed remote code execution through crafted skill files. 135K+ instances were exposed before the patch.
- **ClawHub:** Cisco research found 12% of community-submitted skills contained malicious code (data exfiltration or prompt injection payloads).
- **Claude Code:** No known CVEs. The marketplace has a review process, though its effectiveness varies.

## Practical recommendation

| Use case | Better choice |
|----------|--------------|
| Personal automation | Claude Code (simpler, no infra) |
| Enterprise/multi-tenant | NemoClaw (kernel isolation) |
| Compliance-required | NemoClaw (audit trails) |
| Custom security rules | Claude Code (hook flexibility) |
| Untrusted skill ecosystem | NemoClaw (sandbox) or Claude Code (review + hooks) |

They are not mutually exclusive. You can use Claude Code for development work and OpenClaw+NemoClaw for always-on automation where stronger isolation matters.
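
The file-write restriction mentioned in the Claude Code architecture section above, as an added example (not code from the original page, Anthropic or NVIDIA): a PreToolUse hook, written in Python for reliable JSON handling, that denies write-tool calls aimed at the hook directory. The `.claude/hooks` location, the stdin fields (`tool_name`, `tool_input`, `cwd`), the tool names and the exit-status-2 deny convention are assumptions about the hook interface.

```python
#!/usr/bin/env python3
"""PreToolUse hook sketch: deny file-writing tool calls that target the hook directory."""
import json
import os
import sys

# Assumptions (not from the page): hook scripts live in <project>/.claude/hooks,
# the runtime passes a JSON object on stdin with "tool_name", "tool_input" and
# "cwd", and exit status 2 tells the runtime to block the tool call.
PROTECTED_DIRS = (".claude/hooks",)
WRITE_TOOLS = {"Write", "Edit", "MultiEdit"}


def is_protected(file_path, project_root):
    """True if file_path resolves (symlinks and ../ included) inside a protected dir."""
    root = os.path.realpath(project_root)
    target = os.path.realpath(os.path.join(root, file_path))
    for rel in PROTECTED_DIRS:
        guard = os.path.realpath(os.path.join(root, rel))
        if target == guard or target.startswith(guard + os.sep):
            return True
    return False


def decide(event):
    """Return (exit_code, reason) for one PreToolUse event dict."""
    tool = event.get("tool_name", "")
    args = event.get("tool_input") or {}
    root = event.get("cwd") or os.getcwd()
    if tool in WRITE_TOOLS:
        path = args.get("file_path")
        if not path:
            return 2, "write tool call without file_path: denied (fail closed)"
        if is_protected(path, root):
            return 2, f"write to protected hook path denied: {path}"
    elif tool == "Bash":
        # Coarse substring check: it does not parse the shell command, so pair
        # it with the OS-level sandbox layer rather than relying on it alone.
        if any(rel in (args.get("command") or "") for rel in PROTECTED_DIRS):
            return 2, "shell command references protected hook path: denied"
    return 0, "allowed"


if __name__ == "__main__":
    try:
        code, reason = decide(json.load(sys.stdin))
    except (ValueError, AttributeError):
        code, reason = 2, "unparseable hook input: denied (fail closed)"
    if code:
        print(reason, file=sys.stderr)
    sys.exit(code)
```

The path comparison runs on the resolved path, so relative traversal and absolute paths into the hook directory are treated the same as a direct write.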