Nvidia Free Api
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may misunderstand whether they need to provide a private API key or whether the skill contains a shared key.
The documentation gives conflicting expectations: it advertises a built-in API key but later says the user must configure their own key.
📦 **即装即用** | 安装即可调用,内置 API Key ... **重要:使用前需要设置你自己的 API Key**
Clarify that users must bring their own NVIDIA API key, remove the built-in-key claim if inaccurate, and document credential handling consistently.
The command may not exist, or the agent may run an unrelated local command with the same name if one is already on the system.
The skill documents an `nvidia-api` CLI, but the supplied package has no code files, install spec, or declared required binary for that command.
nvidia-api list ... nvidia-api chat "你好" --model meta/llama-3.3-70b-instruct
Only run the CLI if its source is known and trusted; the publisher should include or declare the CLI dependency or remove unsupported CLI instructions.
If mishandled, the user's NVIDIA API key could be exposed through shell history, committed config files, or shared dotfiles.
The integration expects a user-supplied NVIDIA API key, which is purpose-aligned but sensitive and not declared as a required credential in the registry metadata.
apiKey: <你的NVIDIA_API_KEY> ... export NVIDIA_API_KEY="<你的NVIDIA_API_KEY>"
Store the API key in a private environment variable or secret store, avoid committing config files containing real keys, and verify provider account permissions.
Prompts, chat content, and embedding inputs may be sent to NVIDIA whenever this provider configuration is used.
The configuration routes OpenAI-compatible model calls to NVIDIA's external API endpoint, including a possible persistent global `OPENAI_BASE_URL` setting.
baseUrl: https://integrate.api.nvidia.com/v1 ... export OPENAI_BASE_URL="https://integrate.api.nvidia.com/v1"
Do not send sensitive data unless NVIDIA's terms and retention policies are acceptable, and scope the provider setting to the intended tool or project when possible.