nemoclaw-user-manage-sandboxes

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes scripts from NVIDIA's official domains and GitHub repositories. Evidence: SKILL.md contains commands to pipe remote scripts to bash: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash and curl -fsSL https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh | bash.
  • [COMMAND_EXECUTION]: Provides numerous shell commands for sandbox management and lifecycle operations. Evidence: Commands like nemoclaw list, nemoclaw status, nemoclaw logs, and openshell forward start are used to interact with the host and sandbox environments.
  • [EXTERNAL_DOWNLOADS]: Downloads operational scripts and configuration from well-known NVIDIA domains. Evidence: Targeted URLs include https://www.nvidia.com/nemoclaw.sh and https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from user-editable workspace files. Ingestion points: Reads files such as SOUL.md, USER.md, IDENTITY.md, and AGENTS.md from the /sandbox/.openclaw/workspace/ directory at the start of sessions, as documented in references/workspace-files.md. Boundary markers: None. The skill does not define delimiters to separate instructions from the data within these files. Capability inventory: The skill executes shell commands via the nemoclaw and openshell CLI tools and performs file system operations (download/upload). Sanitization: None. There is no mention of validation or filtering for the content of workspace files before they are processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://www.nvidia.com/nemoclaw.sh, https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — nemoclaw-user-manage-sandboxes