[Security] NVIDIA API key passed via environment variable is logged by k3s/systemd journal in plaintext — key exposed in system logs

[saismrutiranjan18]

Severity

High — credential exposure on shared or multi-user hosts

Affected Component

Gateway/sandbox process startup, nemoclaw onboard key injection

Problem

The NVIDIA API key collected during nemoclaw onboard is injected into the
gateway or sandbox process as an environment variable. On Linux systems
running systemd and k3s, this exposes the key in multiple places:

• /proc/<pid>/environ — readable by root and same-user processes at any
  point while the gateway is running
• journalctl — systemd units may log process environments on startup
• k3s audit logs — if Kubernetes audit logging is enabled on the host
• docker inspect / kubectl describe pod — env vars are visible to anyone
  with those permissions

Attack Surface

On a shared machine or in a CI/CD environment, another process running as
the same user (or any root process) can extract the API key from
/proc/<pid>/environ at any point during the gateway's lifetime.

This is especially relevant for NemoClaw because the tool is designed for
developer workstations and shared infrastructure — environments where
multiple users or processes commonly have overlapping permissions.

Steps to Reproduce

# While nemoclaw gateway is running:
cat /proc/$(pgrep -f openshell-gateway)/environ | tr '\0' '\n' | grep -i nvidia
# On systems where the process runs as the same user, this exposes the key

[wscurran]

Thanks for pointing out the security risk of exposing the NVIDIA API key in system logs when it's passed as an environment variable, which is a serious issue that we need to address.