"NemoClaw scores 39/55 — +4 over OpenClaw. Where does the +4 come from?" The governance layer: +3 Module 6 (external guardrails), +2 Module 5 (OpenShell sandboxing), +1 Module 11 (security principle realized). NemoClaw is the reference for 'governance done right.' harness-engineering::dd09::recall "State NemoClaw's defining architectural principle." Governance lives BENEATH the agent, OUTSIDE its reach. NeMo Guardrails evaluate every call externally. The agent CANNOT reach the enforcement layer to disable it. Module 0.2's principle in production. harness-engineering::dd09::recall "Why can't a prompt-injected NemoClaw agent disable its own guardrails?" The guardrails are OUTSIDE the agent's process. The agent sits above the governance layer; it cannot reach below itself. Every call must pass through governance, which the agent has no control over. harness-engineering::dd09::analysis "What does OpenShell provide that OpenClaw's direct execution does not?" Sandboxed execution the agent never touches directly. The agent calls the governed API; OpenShell executes in an isolated environment. Blast radius = the sandbox, not the host. harness-engineering::dd09::analysis "NemoClaw fixes OpenClaw's trust gap. How?" NeMo Guardrails tag channel-derived content as untrusted BEFORE the model sees it. The cross-channel injection that works on OpenClaw (equal trust status) fails on NemoClaw (tagged + demoted). harness-engineering::dd09::application "Name 3 things NemoClaw does better than any other harness." (1) Governance-beneath-the-agent (the course's security foundation). (2) Trust-boundary fix (NeMo Guardrails). (3) OpenShell sandboxing (agent never touches exec directly). harness-engineering::dd09::recall "What's the COST of NemoClaw's governance layer?" Latency: every call passes through external governance evaluation. Plus: the governance policy itself must be maintained (new channel = new policy rule). Plus: inherits OpenClaw's large codebase. harness-engineering::dd09::analysis