nurec-fixer

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is authored by NVIDIA and facilitates access to official NVIDIA research artifacts. All external links point to legitimate vendor infrastructure (nvidia.com, nvcr.io, huggingface.co/nvidia, github.com/NVIDIA).
  • [COMMAND_EXECUTION]: The provided scripts/validate_setup.py uses subprocess.run to verify host prerequisites such as Docker availability, NVIDIA Container Toolkit installation, and GPU compute capability. This is a standard environment check necessary for high-performance machine learning workflows.
  • [EXTERNAL_DOWNLOADS]: The skill workflow involves downloading source code from GitHub, pulling container images from the NVIDIA Container Registry (nvcr.io), and fetching model weights from Hugging Face. These operations target trusted organizations and are documented clearly for the user.
  • [CREDENTIALS_UNSAFE]: The skill requires HF_TOKEN and NGC_API_KEY for access to gated models and registries. It correctly manages these via environment variables and provides a .env.example template. Security-conscious instructions in the troubleshooting and teardown guides help prevent accidental leakage (e.g., verifying only a token's length rather than echoing its value).
  • [DATA_EXFILTRATION]: No suspicious network patterns or unauthorized data transmission activities were identified. Network access is restricted to authenticated artifact retrieval from trusted providers.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 08:50 PM