NVIDIA · miyoungc · May 14, 2026 · May 14, 2026 · May 14, 2026 · May 14, 2026
diff --git a/.agents/skills/nemoclaw-contributor-update-docs/SKILL.md b/.agents/skills/nemoclaw-contributor-update-docs/SKILL.md
@@ -166,7 +166,7 @@ If the user invoked this skill for release prep, finish the release-specific doc
 3. Refresh the NemoClaw user skills:
 
    ```bash
-   python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user
+   python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user --doc-platform fern-mdx
    ```
 
 ## Step 9: Build and Verify
@@ -214,7 +214,7 @@ User says: "Catch up the docs for everything merged since v0.1.0."
 4. Read the commit diffs and current doc pages.
 5. Draft doc updates reflecting the source code changes in the commits following the style guide.
 6. **Release prep only:** Apply release-prep version bumps if the user requested release prep.
-7. **Release prep only:** Run `python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user`.
+7. **Release prep only:** Run `python3 scripts/docs-to-skills.py docs/ .agents/skills/ --prefix nemoclaw-user --doc-platform fern-mdx`.
 8. Present the summary.
 9. Build with `make docs` to verify.
 10. **Release prep only:** Commit changes and open a pull request with the `documentation` label and the corresponding `vX.Y.Z` release label. Include a concise summary of the doc updates and a source summary that links each identified merged PR to its matching doc page. Include the PR number, affected doc page, links, and description of the doc change in this shape:

diff --git a/.agents/skills/nemoclaw-user-configure-inference/SKILL.md b/.agents/skills/nemoclaw-user-configure-inference/SKILL.md
@@ -8,6 +8,10 @@ description: "Connects NemoClaw to a local inference server. Use when setting up
 
 # Use a Local Inference Server with NemoClaw
 
+## Gotchas
+
+- Ollama is convenient for local chat, but some model/template combinations can return tool calls as plain text under realistic agent load.
+
 ## Prerequisites
 
 - NemoClaw installed.
@@ -62,13 +66,11 @@ If the daemon does not become reachable, onboarding prints PowerShell commands y
 Use one Ollama instance on port `11434` at a time.
 If both WSL and Windows-host Ollama are running, pick the intended menu entry during onboarding so NemoClaw validates and pulls models against the right daemon.
 
-:::{caution}
-Ollama is convenient for local chat, but some model/template combinations can
-return tool calls as plain text under realistic agent load. If the TUI shows raw
-JSON such as `{"name":"memory_search","arguments":{...}}` instead of running a
-tool, switch to vLLM with `--enable-auto-tool-choice` and the correct
-`--tool-call-parser`. See Tool-Calling Reliability (use the `nemoclaw-user-configure-inference` skill).
-:::
+> **Warning:** Ollama is convenient for local chat, but some model/template combinations can
+> return tool calls as plain text under realistic agent load. If the TUI shows raw
+> JSON such as `{"name":"memory_search","arguments":{...}}` instead of running a
+> tool, switch to vLLM with `--enable-auto-tool-choice` and the correct
+> `--tool-call-parser`. See Tool-Calling Reliability (use the `nemoclaw-user-configure-inference` skill).
 
 ### Authenticated Reverse Proxy
 

diff --git a/.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md b/.agents/skills/nemoclaw-user-configure-inference/references/inference-options.md
@@ -1,6 +1,6 @@
 <!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. -->
 <!-- SPDX-License-Identifier: Apache-2.0 -->
-# Inference Options
+# NemoClaw Inference Options
 
 NemoClaw supports multiple inference providers.
 During onboarding, the `nemoclaw onboard` wizard presents a numbered list of providers to choose from.
@@ -19,7 +19,6 @@ NemoClaw uses provider-specific local tokens for those routes, and rebuilds of l
 
 ## Provider Status
 
-<!-- provider-status:begin -->
 | Provider | Status | Endpoint type | Notes |
 |----------|--------|---------------|-------|
 | NVIDIA Endpoints | Tested | OpenAI-compatible | Hosted models on integrate.api.nvidia.com |
@@ -32,7 +31,6 @@ NemoClaw uses provider-specific local tokens for those routes, and rebuilds of l
 | Local Ollama | Caveated | Local Ollama API | Available when Ollama is installed or running on the host |
 | Local NVIDIA NIM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a NIM-capable GPU |
 | Local vLLM | Experimental | Local OpenAI-compatible | Requires `NEMOCLAW_EXPERIMENTAL=1` and a server already running on `localhost:8000` |
-<!-- provider-status:end -->
 
 ## Provider Options
 

diff --git a/.agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md b/.agents/skills/nemoclaw-user-configure-inference/references/set-up-sub-agent.md
@@ -1,6 +1,6 @@
 <!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. -->
 <!-- SPDX-License-Identifier: Apache-2.0 -->
-# Set Up Task-Specific Sub-Agents
+# Set up a Task-Specific Sub-Agent
 
 OpenClaw documents the sub-agent behavior, `sessions_spawn` tool, `agents.list` configuration, tool policy, nesting, and auth model in [Sub-Agents](https://docs.openclaw.ai/tools/subagents).
 Use that page as the source of truth for how OpenClaw sub-agents work.

diff --git a/...ills/nemoclaw-user-configure-inference/references/switch-inference-providers.md b/...ills/nemoclaw-user-configure-inference/references/switch-inference-providers.md
@@ -1,6 +1,6 @@
 <!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. -->
 <!-- SPDX-License-Identifier: Apache-2.0 -->
-# Switch Inference Models at Runtime
+# Switch NemoClaw Inference Models at Runtime
 
 Change the active inference model while the sandbox is running.
 No restart is required.

diff --git a/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md b/.agents/skills/nemoclaw-user-configure-security/references/best-practices.md
@@ -1,20 +1,13 @@
 <!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. -->
 <!-- SPDX-License-Identifier: Apache-2.0 -->
-# Security Best Practices
+# NemoClaw Security Best Practices: Controls, Risks, and Posture Profiles
 
 NemoClaw ships with deny-by-default security controls across four layers: network, filesystem, process, and inference.
 You can tune every control, but each change shifts the risk profile.
 This page documents every configurable knob, its default, what it protects, the concrete risk of relaxing it, and a recommendation for common use cases.
 
 For background on how the layers fit together, refer to How It Works (use the `nemoclaw-user-overview` skill).
 
-<!-- TODO: uncomment after the OpenShell docs are published
-:::{seealso}
-OpenShell enforces the platform-level mechanisms that NemoClaw configures, including network namespace isolation, seccomp filters, SSRF protection, TLS termination, and gateway authentication.
-For the full platform-level controls reference, see [OpenShell Security Best Practices](https://docs.nvidia.com/openshell/latest/security/best-practices.html).
-:::
--->
-
 ## Protection Layers at a Glance
 
 NemoClaw enforces security at four layers.
@@ -72,44 +65,17 @@ flowchart TB
     style GW fill:#2a2a2a,stroke:#76b900,stroke-width:2px,color:#fff
 ```
 
-:::{list-table}
-:header-rows: 1
-:widths: 20 30 20 30
-
-* - Layer
-  - What it protects
-  - Enforcement point
-  - Changeable at runtime
-
-* - Network
-  - Unauthorized outbound connections and data exfiltration.
-  - OpenShell gateway
-  - Yes. Use `openshell policy set` or operator approval.
-
-* - Filesystem
-  - System binary tampering, credential theft, config manipulation.
-  - Landlock LSM + container mounts
-  - Landlock layout: no. Requires sandbox re-creation. Config lockdown posture: yes, with host-side shields commands.
-
-* - Process
-  - Privilege escalation, fork bombs, syscall abuse.
-  - Container runtime (Docker/K8s `securityContext`)
-  - No. Requires sandbox re-creation.
-
-* - Inference
-  - Credential exposure, unauthorized model access, cost overruns.
-  - OpenShell gateway
-  - Yes. Use `nemoclaw inference set`.
-
-:::
+| Layer | What it protects | Enforcement point | Changeable at runtime |
+| --- | --- | --- | --- |
+| Network | Unauthorized outbound connections and data exfiltration. | OpenShell gateway | Yes. Use `openshell policy set` or operator approval. |
+| Filesystem | System binary tampering, credential theft, config manipulation. | Landlock LSM + container mounts | Landlock layout: no. Requires sandbox re-creation. Config lockdown posture: yes, with host-side shields commands. |
+| Process | Privilege escalation, fork bombs, syscall abuse. | Container runtime (Docker/K8s `securityContext`) | No. Requires sandbox re-creation. |
+| Inference | Credential exposure, unauthorized model access, cost overruns. | OpenShell gateway | Yes. Use `nemoclaw inference set`. |
 
 ## Network Controls
 
 NemoClaw controls which hosts, ports, and HTTP methods the sandbox can reach, and lets operators approve or deny requests in real time.
 
-<!-- OpenShell provides additional network enforcement mechanisms not covered here, including network namespace isolation, SSRF protection, TLS auto-detection and termination, and audit-vs-enforce modes.
-See the [Network Controls](https://docs.nvidia.com/openshell/latest/security/best-practices.html#network-controls) section of the OpenShell Security Best Practices. -->
-
 ### Deny-by-Default Egress
 
 The sandbox blocks all outbound connections unless you explicitly list the endpoint in the policy file `nemoclaw-blueprint/policies/openclaw-sandbox.yaml`.
@@ -194,9 +160,6 @@ NemoClaw ships preset policy files in `nemoclaw-blueprint/policies/presets/` for
 
 NemoClaw restricts which paths the agent can read and write, protecting system binaries, configuration files, and gateway credentials.
 
-<!-- OpenShell covers additional filesystem enforcement details, including `hard_requirement` compatibility mode for Landlock and policy path validation rules.
-See the [Filesystem Controls](https://docs.nvidia.com/openshell/latest/security/best-practices.html#filesystem-controls) section of the OpenShell Security Best Practices. -->
-
 ### Read-Only System Paths
 
 The container mounts system directories read-only to prevent the agent from modifying binaries, libraries, or configuration files.
@@ -256,9 +219,6 @@ Landlock is a Linux Security Module that enforces filesystem access rules at the
 
 NemoClaw limits the capabilities, user privileges, and resource quotas available to processes inside the sandbox.
 
-<!-- OpenShell enforces additional process-level controls not covered here, including seccomp BPF socket domain filters and a specific enforcement application order (namespace entry, privilege drop, Landlock, seccomp).
-See the [Process Controls](https://docs.nvidia.com/openshell/latest/security/best-practices.html#process-controls) section of the OpenShell Security Best Practices. -->
-
 ### Capability Drops
 
 The entrypoint drops dangerous Linux capabilities from the bounding set at startup using `capsh`.
@@ -549,4 +509,3 @@ The following patterns weaken security without providing meaningful benefit.
 - Sandbox Hardening (use the `nemoclaw-user-deploy-remote` skill) for container-level security measures.
 - Inference Options (use the `nemoclaw-user-configure-inference` skill) for provider configuration details.
 - How It Works (use the `nemoclaw-user-overview` skill) for the protection layer architecture.
-<!-- - OpenShell [Security Best Practices](https://docs.nvidia.com/openshell/latest/security/best-practices.html) for the platform-level controls reference, including network namespace isolation, seccomp filters, SSRF protection, TLS termination, and gateway authentication. -->
diff --git a/.agents/skills/nemoclaw-user-configure-security/references/credential-storage.md b/.agents/skills/nemoclaw-user-configure-security/references/credential-storage.md
@@ -1,6 +1,6 @@
 <!-- SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. -->
 <!-- SPDX-License-Identifier: Apache-2.0 -->
-# Credential Storage
+# NemoClaw Credential Storage
 
 NemoClaw does not persist provider credentials to host disk.
 The OpenShell gateway is the only system of record for stored credentials.

diff --git a/.agents/skills/nemoclaw-user-deploy-remote/references/brev-web-ui.md b/.agents/skills/nemoclaw-user-deploy-remote/references/brev-web-ui.md
@@ -90,10 +90,10 @@ Provider: NVIDIA Cloud
 
 Click **Chat With Agent** to open the OpenClaw dashboard.
 
-:> **Note:** The dashboard might initially show a **Pairing required** warning.
+> **Note:** The dashboard might initially show a **Pairing required** warning.
 > This means the gateway is still completing pairing in the background.
 > Wait for about a few minutes for pairing to finish automatically. Refresh the dashboard to see if the warning is resolved and the connection is established.
-> If pairing does not finish, go to the **Overview** page in the OpenClaw UI, find the **Gateway Access** panel, and click **Connect**.:
+> If pairing does not finish, go to the **Overview** page in the OpenClaw UI, find the **Gateway Access** panel, and click **Connect**.
 
 ## Start a Chat