nemo-evaluator-sdk
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages the
nemo-evaluator-launcherand Docker to run evaluation workloads. It generates and executes shell commands for container orchestration, output management, and job lifecycle control.\n- [REMOTE_CODE_EXECUTION]: Through its Slurm backend, the skill executes code on remote HPC infrastructure. It uses SSH to interact with head nodes for job submission viasbatchand status monitoring withsacct.\n- [CREDENTIALS_UNSAFE]: The documentation for the Slurm executor references the use of sensitive file paths, such as~/.ssh/id_rsa, for remote authentication. The ability to access and utilize private keys is a high-privilege operation.\n- [EXTERNAL_DOWNLOADS]: The skill downloads container images from NVIDIA's registry (nvcr.io) and interacts with official NVIDIA API endpoints. These resources originate from well-known technology providers.\n- [COMMAND_EXECUTION]: The adapter system includes a discovery mechanism (adapter_config.discovery) allowing the framework to dynamically load and execute custom interceptors from specified directories or Python modules at runtime.
Audit Metadata