[Brev][Security] nemoclaw shields up blocks openclaw tui with EACCES on agents/sessions directory and disables /nemoclaw slash command #4065

@mercl-lau

Description

After running nemoclaw my-assistant shields up, openclaw tui inside the sandbox fails with "EACCES: permission denied, mkdir '/sandbox/.openclaw/agents/main/sessions'". The TUI connects to the gateway but cannot create its session directory, rendering it completely unusable. Additionally, the NemoClaw plugin reports "plugin not found" during TUI startup under shields-up lockdown, which disables the /nemoclaw shields slash command — the only in-sandbox way to check shields state.

The shields lockdown is too restrictive: it locks down config files (intended) but also prevents the TUI from creating runtime session directories (unintended).

Environment

Device:        Brev GCP instance (n2d-standard-4)
OS:            Ubuntu 22.04.5 LTS (Linux 6.8.0-1048-gcp x86_64)
Architecture:  x86_64
Node.js:       v22.22.2
npm:           10.9.7
Docker:        Docker version 29.1.3
OpenShell CLI: 0.0.39
NemoClaw:      v0.0.49
OpenClaw:      v2026.4.24 (cbcfdf6)

Steps to Reproduce

  1. nemoclaw onboard (fresh install v0.0.49, NVIDIA Endpoints, default sandbox my-assistant)
  2. nemoclaw my-assistant shields up
  3. nemoclaw my-assistant shields status — confirms "Shields: UP (lockdown active)"
  4. nemoclaw my-assistant connect
  5. Inside sandbox: openclaw tui
  6. Inside TUI: type /nemoclaw shields and press Enter

Expected Result

  1. TUI starts normally, session created
  2. /nemoclaw shields outputs "Shields: UP" with current lockdown state

Actual Result

  1. TUI shows three issues on startup:

    a. Config warnings:

    plugins.entries.nemoclaw: plugin not found: nemoclaw (stale config entry ignored)
    plugins.entries.openclaw-weixin: plugin not found: openclaw-weixin (stale config entry ignored)
    

    b. Session creation fails:

    run error: Error: EACCES: permission denied, mkdir '/sandbox/.openclaw/agents/main/sessions'
    

    c. Status bar shows "connected | error"

  2. /nemoclaw shields produces no output — the slash command is not registered because the nemoclaw plugin failed to load under lockdown permissions.

Note: After running nemoclaw my-assistant shields down from host, openclaw plugins inspect nemoclaw shows the plugin loads correctly and /nemoclaw slash command is registered. The plugin itself is intact; the lockdown permissions prevent it from loading during TUI startup.

Logs

Config warnings:
- plugins.entries.openclaw-weixin: plugin not found: openclaw-weixin (stale config entry ignored; remove it from plugins config)
- plugins.entries.nemoclaw: plugin not found: nemoclaw (stale config entry ignored; remove it from plugins config)

🦞 OpenClaw 2026.4.24 (cbcfdf6)

 session agent:main:main
 run error: Error: EACCES: permission denied, mkdir '/sandbox/.openclaw/agents/main/sessions'
 connected | error
 agent main | session main | inference/nvidia/nemotron-3-super-120b-a12b | tokens ?/131k

NVB#6205720
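
For triage of the EACCES above, an added helper (not part of the original report, and not NemoClaw or OpenClaw code) that finds which existing ancestor of the session path refuses the `mkdir`. The function names are hypothetical. It assumes the lockdown shows up as ordinary file permissions or a read-only mount, which the report does not state; a denial from another mechanism would not be visible to `test -w`.

```shell
#!/bin/sh
# Added triage helper: explain why `mkdir -p <path>` is denied.
# Run inside the sandbox as the user that starts `openclaw tui`, e.g.:
#   sh diagnose.sh /sandbox/.openclaw/agents/main/sessions

# Print the closest ancestor of $1 that exists ($1 itself if it exists).
nearest_existing() {
    p=$1
    while [ ! -e "$p" ]; do
        p=$(dirname "$p")   # always ends at "/" or ".", which exist
    done
    printf '%s\n' "$p"
}

# Print "<verdict>:<path>" where <path> is the directory that decides
# the outcome. mkdir needs write and search (x) permission on it.
mkdir_verdict() {
    target=$1
    anchor=$(nearest_existing "$target")
    if [ ! -d "$anchor" ]; then
        echo "blocked:not-a-directory:$anchor"
    elif [ -e "$target" ]; then
        echo "exists:$anchor"
    elif [ -w "$anchor" ] && [ -x "$anchor" ]; then
        echo "creatable:$anchor"
    else
        echo "blocked:no-write:$anchor"
    fi
}

# Human-readable report: verdict plus owner and mode of the deciding directory.
report() {
    echo "target : $1"
    echo "uid    : $(id -u)"
    echo "verdict: $(mkdir_verdict "$1")"
    ls -ld "$(nearest_existing "$1")"
}

if [ $# -gt 0 ]; then
    report "$1"
fi
```

Running it once with shields up and once with shields down shows whether the deciding directory is one the lockdown was meant to protect or a runtime directory that should stay writable.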

Labels

- NV QA: Bugs found by the NVIDIA QA Team
- integration: openclaw (OpenClaw integration behavior)
- platform: brev (Affects Brev hosted development environments)
- security: Potential vulnerability, unsafe behavior, or access risk
