nemoclaw-user-configure-inference
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to download and install Ollama from its official domain (ollama.com) and pulls Docker container images from the NVIDIA Container Registry (nvcr.io). These are well-known and trusted sources.
- [COMMAND_EXECUTION]: The instructions include several shell commands for system configuration, such as using 'sudo' to update firewall rules (ufw) and install system packages (apt-get). It also uses 'docker exec' and 'kubectl' to manage configuration files within the agent sandbox environment. These operations are standard for the described administrative tasks.
- [REMOTE_CODE_EXECUTION]: The skill references the official Ollama installation method, which involves piping a remote script to the shell ('https://ollama.com/install.sh | bash'). This is a recognized installation pattern for this specific well-known service.
- [CREDENTIALS_UNSAFE]: The documentation mentions various API key environment variables (e.g., NVIDIA_API_KEY, OPENAI_API_KEY). It correctly instructs users to set these via environment variables or stdin rather than hardcoding them in files, and uses descriptive placeholders for examples.
Audit Metadata