nurec-fixer
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by NVIDIA and facilitates access to official NVIDIA research artifacts. All external links point to legitimate vendor infrastructure (nvidia.com, nvcr.io, huggingface.co/nvidia, github.com/NVIDIA).
- [COMMAND_EXECUTION]: The provided scripts/validate_setup.py uses subprocess.run to verify host prerequisites such as Docker availability, NVIDIA Container Toolkit installation, and GPU compute capability. This is a standard environment check necessary for high-performance machine learning workflows.
- [EXTERNAL_DOWNLOADS]: The skill workflow involves downloading source code from GitHub, pulling container images from the NVIDIA Container Registry (nvcr.io), and fetching model weights from Hugging Face. These operations target trusted organizations and are documented clearly for the user.
- [CREDENTIALS_UNSAFE]: The skill requires HF_TOKEN and NGC_API_KEY for access to gated models and registries. It correctly manages these via environment variables and provides a .env.example template. Security-conscious instructions are included in the troubleshooting and teardown guides to prevent accidental leakage (e.g., using length-only checks and avoiding echoing token values).
- [DATA_EXFILTRATION]: No suspicious network patterns or unauthorized data transmission activities were identified. Network access is restricted to authenticated artifact retrieval from trusted providers.
Audit Metadata