nemo-evaluator-sdk

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages the nemo-evaluator-launcher and Docker to run evaluation workloads. It generates and executes shell commands for container orchestration, output management, and job lifecycle control.\n- [REMOTE_CODE_EXECUTION]: Through its Slurm backend, the skill executes code on remote HPC infrastructure. It uses SSH to interact with head nodes for job submission via sbatch and status monitoring with sacct.\n- [CREDENTIALS_UNSAFE]: The documentation for the Slurm executor references the use of sensitive file paths, such as ~/.ssh/id_rsa, for remote authentication. The ability to access and utilize private keys is a high-privilege operation.\n- [EXTERNAL_DOWNLOADS]: The skill downloads container images from NVIDIA's registry (nvcr.io) and interacts with official NVIDIA API endpoints. These resources originate from well-known technology providers.\n- [COMMAND_EXECUTION]: The adapter system includes a discovery mechanism (adapter_config.discovery) allowing the framework to dynamically load and execute custom interceptors from specified directories or Python modules at runtime.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 12:55 AM
Security Audit — agent-trust-hub — nemo-evaluator-sdk