nv-generate-vae-finetune

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a medical imaging training workflow using standard open-source libraries (MONAI, PyTorch) and trusted upstream repositories from NVIDIA.
  • [SAFE]: The AST-detected eval() call in scripts/run_vae_finetune.py is a false positive. It is a call to the PyTorch torch.nn.Module.eval() method, which is standard procedure for setting a model to evaluation mode, rather than the dangerous Python built-in eval() function.
  • [SAFE]: Subprocess calls in scripts/run_vae_finetune.py are used exclusively for retrieving git metadata (git rev-parse HEAD) and are invoked safely using a list of arguments without shell execution (shell=True is not used).
  • [SAFE]: External network operations and downloads are directed to well-known and reputable services, including GitHub (NVIDIA-Medtech organization), Hugging Face, and the official PyTorch download servers. These are documented in the skill manifest and are necessary for fetching model weights and dependencies.
  • [SAFE]: Data handling is restricted to user-provided medical imaging datalists and directories. The skill provides clear disclaimers regarding its intended use for research purposes and its unsuitability for clinical or production data validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — nv-generate-vae-finetune