Skills
skills/aradotso/trending-skills/nvidia-nemoclaw/Gen Agent Trust Hub

nvidia-nemoclaw

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation includes a one-line installation command that downloads a shell script from NVIDIA's official domain and pipes it directly to the bash interpreter.
  • Evidence: curl -fsSL https://nvidia.com/nemoclaw.sh | bash in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resources from external sources, including a script from nvidia.com and a repository from GitHub.
  • Evidence: git clone https://github.com/NVIDIA/NemoClaw.git in SKILL.md.
  • [COMMAND_EXECUTION]: The skill relies on various system-level commands to build, install, and manage sandboxed environments.
  • Evidence: Commands include npm install, npm link, docker, and openshell operations mentioned throughout SKILL.md.
  • [CREDENTIALS_UNSAFE]: The skill requires an NVIDIA API key for model inference, which is managed through environment variables.
  • Evidence: References to export NVIDIA_API_KEY="nvapi-xxxxxxxxxxxx" in SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 05:52 AM