Blueprint sandbox image uses :latest tag with empty digest field - IssueFinder - SN 14 #1438

@dinuduke

Description

The nemoclaw-blueprint/blueprint.yaml (line 22) references the sandbox image using the mutable :latest tag: ghcr.io/nvidia/openshell-community/sandboxes/openclaw:latest. The digest field on line 8 is documented as "computed at release time" but is currently empty. A registry compromise or accidental push replaces the expected image without detection.

Impact

Supply chain risk — sandbox image could be replaced without detection.

Affected Area

  • File(s): nemoclaw-blueprint/blueprint.yaml (lines 8, 22)

Reproduction Steps

  1. Read the blueprint configuration:
    cat nemoclaw-blueprint/blueprint.yaml | grep -A 3 'image\|tag\|digest'
  2. Observe: image uses :latest tag with an empty or missing digest field
  3. The image reference changes every time a new version is published

Environment

  • OS: Any
  • NemoClaw Version: v0.1.0
  • Branch: main
  • Runtime: Docker / OpenShell
  • Container / Orchestration Info: Blueprint-driven sandbox creation
  • Network Setup: Requires access to container registry

Debug Output

# Read the full blueprint:
cat nemoclaw-blueprint/blueprint.yaml

# Check the image reference:
grep -i 'image\|digest\|tag' nemoclaw-blueprint/blueprint.yaml
# Expected to see: digest: "" or digest: (empty) — no immutable pinning

# Get the current digest for pinning:
docker pull ghcr.io/nvidia/nemoclaw/sandbox-base:latest
docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/nvidia/nemoclaw/sandbox-base:latest

Logs

# N/A — no error is produced. The :latest tag silently resolves to
# whatever was last pushed, creating a supply chain risk.

Checklist

  • I confirmed this bug is reproducible
  • I searched existing issues and this is not a duplicate
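
An added example, not part of the original issue or the NemoClaw code: a dependency-free Python check that could run in CI to flag the condition reported above, an image reference with no sha256 digest and an empty digest field. The YAML layout in SAMPLE is constructed (the real blueprint.yaml is not shown on this page), and audit_blueprint and split_ref are hypothetical names.

```python
import re

# Matches "image: <ref>" or "digest: <value>" on a YAML line; a regex keeps
# the check free of third-party YAML dependencies.
FIELD = re.compile(r'^\s*-?\s*(image|digest)\s*:\s*(.*?)\s*(?:#.*)?$')
SHA256 = re.compile(r'sha256:[0-9a-f]{64}')


def split_ref(ref):
    """Split an image reference into (tag, digest); either may be None."""
    name, _, digest = ref.partition('@')
    last = name.rsplit('/', 1)[-1]
    # Only a colon in the last path component is a tag separator;
    # "localhost:5000/img" has a registry port, not a tag.
    tag = last.partition(':')[2] if ':' in last else None
    return tag, digest or None


def audit_blueprint(text):
    """Return (line_number, message) findings for unpinned image references."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip('"\'')
        if key == 'digest':
            if not SHA256.fullmatch(value):
                findings.append((lineno, 'digest field is empty or not a sha256 digest'))
            continue
        tag, digest = split_ref(value)
        if digest and SHA256.fullmatch(digest):
            continue  # pinned by content hash; the tag is informational only
        findings.append((lineno, f'image is not pinned by digest (tag: {tag or "latest (implicit)"})'))
    return findings


# Constructed sample; key names and layout are assumptions, not the real file.
SAMPLE = '''\
version: "0.1.0"
digest: ""  # computed at release time
components:
  sandbox:
    image: ghcr.io/nvidia/openshell-community/sandboxes/openclaw:latest
'''

if __name__ == '__main__':
    for lineno, msg in audit_blueprint(SAMPLE):
        print(f'line {lineno}: {msg}')
```

A reference that carries a valid @sha256: digest passes even when it also has a tag, because the registry resolves such a reference by digest.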

Labels

  • platform: container (Affects Docker, containerd, Podman, or images)
  • security (Potential vulnerability, unsafe behavior, or access risk)
