NVIDIA is dedicated to the security and trust of its software products and services, including all source code repositories managed through our organization.
If you need to report a security issue, use the appropriate contact points outlined below. DO NOT report security vulnerabilities through public GitHub issues or pull requests. If a potential security issue is inadvertently reported through a public channel, NVIDIA maintainers may limit public discussion and redirect the reporter to the appropriate private disclosure channels.
Report a potential security vulnerability in NemoClaw or any NVIDIA product through one of the following channels.
Submit a report through the NVIDIA Vulnerability Disclosure Program. This is the preferred method for reporting security concerns across all NVIDIA products.
Send an encrypted email to psirt@nvidia.com. Use the NVIDIA public PGP key to encrypt the message.
You can use GitHub's private vulnerability reporting to submit a report directly on this repository. Navigate to the Security tab and select Report a vulnerability.
Provide as much of the following information as possible:
- Product name and version or branch that contains the vulnerability.
- Type of vulnerability (code execution, denial of service, buffer overflow, privilege escalation, etc.).
- Step-by-step instructions to reproduce the vulnerability.
- Proof-of-concept or exploit code.
- Potential impact, including how an attacker could exploit the vulnerability.
Detailed reports help NVIDIA evaluate and address issues faster.
NVIDIA's Product Security Incident Response Team (PSIRT) triages all incoming reports. After submission:
- NVIDIA acknowledges receipt and begins analysis.
- NVIDIA validates the report and determines severity.
- NVIDIA develops and tests corrective actions.
- NVIDIA publishes a security bulletin and releases a fix.
Visit the PSIRT Policies page for details on timelines and acknowledgement practices.
While NVIDIA does not currently have a public bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy.
For security bulletins, PSIRT policies, and all security-related concerns, visit the NVIDIA Product Security portal. Subscribe to notifications on that page to receive alerts when new bulletins are published.
The following security-relevant defaults are intentional. Each item names the code path that carries the constraint and the compensating controls that make the trade-off acceptable.
- Location:
agents/langchain-deepagents-code/start.sh(prepare_runtime_env) - Constraint:
/tmp/nemoclaw-proxy-env.shis sandbox-user-owned convenience state, not an integrity boundary. It is created with mode0444so independent login and exec shells can source the same credential-free settings. The Deep Agents Code runtime deliberately runs as the non-root sandbox user, unlike the root-supervised OpenClaw and Hermes startup paths. - Compensating controls:
- The file is credential-free by construction.
prepare_runtime_envwrites normalized proxy config and inherited trust-store paths. It does not persist LangSmith tracing, project, or API key variables. - A regression test in
test/langchain-deepagents-code-image.test.tsinjects token-shaped values through LangSmith tracing and both project variables, scans the emitted env file against canonical token shapes, and fails CI if any secret-shaped value is present. - The root-owned, image-baked proxy host/port files and direct
dcode-launcher.shboundary remain the routing source of truth. Focused and live login-shell checks compare the sourced convenience values with that root-owned source; file metadata checks detect accidental drift but do not claim sandbox-owner tamper resistance.
- The file is credential-free by construction.
- When to revisit: If a future change adds credential-shaped values to the env-file writer, or if the Deep Agents Code runtime moves back to the root-supervised startup model, revisit the mode and the compensating controls together.