jetson-llm-serve
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
sudo nvpmodelandsudo jetson_clocks. These are standard administrative commands for managing power profiles and clock frequencies on NVIDIA Jetson hardware to ensure consistent performance during model serving. - [EXTERNAL_DOWNLOADS]: The instructions reference several external container images, including
vllm/vllm-openai:latest(upstream vLLM),ghcr.io/nvidia-ai-iot/vllm:latest-jetson-orin(NVIDIA-AI-IOT package), andnvcr.io/nvidia/sglang:26.01-py3(NVIDIA NGC registry). These are well-known and vendor-owned repositories appropriate for the task. - [CREDENTIALS_UNSAFE]: The skill mentions the use of
HF_TOKENfor accessing gated models on Hugging Face. Notably, the documentation includes a security warning explicitly advising against passing tokens as environment variables in shared environments and suggests safer alternatives like mounted credential files or Docker secrets. - [COMMAND_EXECUTION]: The skill suggests sourcing a local script
skills/jetson-diagnostic/scripts/detect_jetson.shto determine the hardware generation. This is a standard practice within the Jetson ecosystem to tailor configuration to specific hardware (Thor vs Orin).
Audit Metadata