tao-mine-aoi-images
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill resolves and pulls a specific Docker image (
tao_toolkit.data_services) from the NVIDIA Container Registry (nvcr.io). This is a legitimate vendor resource used for the primary functionality of the skill. - [COMMAND_EXECUTION]: The skill executes multiple
docker runcommands to perform image embedding and mining tasks. These commands include GPU access (--gpus all) and volume mounting (-v $WORKSPACE:$WORKSPACE) to ensure host and container paths are synchronized. - [DATA_EXFILTRATION]: The
mining-package.shhook automatically archives the mining results along with project configurations (e.g.,.claude/settings.json) and session transcripts into a timestamped directory. This is an intended feature for workflow reproducibility and auditing within the user's local workspace. - [REMOTE_CODE_EXECUTION]: While the skill downloads and runs containerized code, the source is NVIDIA's official registry, which is a trusted service for this vendor-authored skill.
- [SAFE]: The skill implements several automated checks (via shell and Python hooks) to catch common configuration errors such as missing Docker, missing GPUs, or encoder mismatches before execution proceeds.
Audit Metadata