What
A Claude Code skill that teaches LLMs how the OpenShell security boundary works, so they stop giving advice that breaks against it.
Repo: https://github.com/Koneisto/nemoclaw-skill
Why
LLMs confidently suggest things like curl http://... (proxy blocks it), export API_KEY=... inside sandbox (credentials never enter), or editing openclaw.json (Landlock read-only). Each produces confusing errors that look like bugs but are the security model working as designed.
This skill encodes 19 critical rules and 6 native skill design principles learned from production operation on DGX Spark with local vLLM inference.
What it covers
Signal bridge production hardening (process detection, auto-restart)
Network policy: direct endpoint entries instead of reverse proxies
Session snapshot timing (skill cache invalidation after restore)
Full reference docs: CLI, policies, inference, config, troubleshooting
Also usable as plain Markdown context for any LLM tool, not just Claude Code.
Key lesson
Do NOT deviate from the standard NVIDIA/OpenShell/NemoClaw architecture. Custom proxies, protocol bridges, blanket network policies — every workaround adds a fragile link that breaks on rebuild or reboot. The architecture works when you work with it.
Related