nemoclaw-deploy-remote
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documents the integration of Telegram bot messaging, which introduces an indirect prompt injection surface when the agent processes untrusted user input.
  - Ingestion points: User messages delivered via the Telegram bot token configuration in SKILL.md.
  - Boundary markers: The documentation suggests using an allowlist (TELEGRAM_ALLOWED_IDS) for access control, though it does not explicitly detail the use of delimiters for data isolation within the prompt.
  - Capability inventory: The agent can execute commands and manage network requests through OpenShell, with a terminal interface provided for approving requests.
  - Sanitization: Security hardening measures are detailed in references/sandbox-hardening.md, including the removal of build tools (gcc, g++, make) and network probes from the sandbox image to limit post-exploitation capabilities.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the Brev CLI from brev.nvidia.com to manage remote GPU provisioning. This is an official vendor resource.
Audit Metadata