nemoclaw-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The guide includes interactive commands that request an NVIDIA API key and extract/print the sandbox gateway token (then instructs appending it verbatim to URLs/config), so an agent following it would need to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly downloads and executes public installer scripts (e.g., "curl -fsSL https://nvidia.com/nemoclaw.sh | bash" and "curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh") and also documents exposing the sandbox/web UI and adding skills (and references to public GitHub repos), so untrusted third‑party content can alter the installed agent and its workspace and thereby materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit install-time commands that fetch and execute remote scripts (e.g., curl -fsSL https://nvidia.com/nemoclaw.sh | bash, curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -, and curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh), which run remote code during installation and are required for the skill to function.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs the user/agent to run multiple sudo-privileged actions that modify system files and services (e.g., sudo usermod -aG docker, editing /etc/docker/daemon.json via a setup command, creating /etc/systemd/system service units, restarting system services, and running remote install scripts), which directly change the machine's state and require elevated privileges.