tao-port-huggingface-model

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Docker images from NVIDIA's Container Registry (nvcr.io) and models from the HuggingFace Hub. These operations target well-known services and are fundamental to the skill's primary function.
  • [COMMAND_EXECUTION]: Orchestrates model training, evaluation, and deployment tasks using docker run and docker exec to ensure environment isolation. All commands are specific to the TAO Toolkit workflow and utilize established platform tools.
  • [CREDENTIALS_UNSAFE]: Requires the user to provide an HF_TOKEN and an NGC API Key for authentication. These credentials are required for accessing gated models and private registries; the skill provides standard instructions for their use without hardcoding or unsafe exposure.
  • [REMOTE_CODE_EXECUTION]: Installs local clones of TAO Toolkit repositories and well-known Python dependencies (e.g., transformers, torch, timm) inside Docker containers. This setup is consistent with the skill's purpose of enabling local development and testing of model integrations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:05 PM
Security Audit — agent-trust-hub — tao-port-huggingface-model