nemoclaw-setup
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill fetches and executes scripts from NVIDIA's official domain and GitHub repository by piping output from curl directly into bash and sh.
- [COMMAND_EXECUTION]: Requires administrative privileges (sudo) to install system packages like docker.io and nodejs, and to modify system configuration files such as /etc/docker/daemon.json and /etc/systemd/system/.
- [COMMAND_EXECUTION]: Establishes persistence by creating a custom systemd service (nemoclaw-forward.service) and a local keepalive script (nemoclaw-keepalive.sh) to maintain background port forwarding.
- [EXTERNAL_DOWNLOADS]: Downloads software components from external sources including NodeSource and NVIDIA-affiliated repositories.
- [PROMPT_INJECTION]: The skill configures an AI agent environment that processes untrusted workspace data while possessing broad execution capabilities.
  - Ingestion points: Workspace profile and behavior files (USER.md, SOUL.md, TOOLS.md) and custom skills defined in the sandbox environment.
  - Boundary markers: Absent; no explicit delimiters or instructions are provided to the agent to differentiate between static data and active instructions.
  - Capability inventory: The agent is configured with high-impact tools including exec, read, and write access within its environment.
  - Sanitization: Absent; content is written directly to workspace and skill files without validation or sanitization of external content.
Recommendations
- HIGH: Downloads and executes remote code from: https://nvidia.com/nemoclaw.sh, https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh - DO NOT USE without thorough review
Audit Metadata