tao-mine-aoi-images

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill resolves and pulls a specific Docker image (tao_toolkit.data_services) from the NVIDIA Container Registry (nvcr.io). This is a legitimate vendor resource used for the primary functionality of the skill.
  • [COMMAND_EXECUTION]: The skill executes multiple docker run commands to perform image embedding and mining tasks. These commands include GPU access (--gpus all) and volume mounting (-v $WORKSPACE:$WORKSPACE) to ensure host and container paths are synchronized.
  • [DATA_EXFILTRATION]: The mining-package.sh hook automatically archives the mining results along with project configurations (e.g., .claude/settings.json) and session transcripts into a timestamped directory. This is an intended feature for workflow reproducibility and auditing within the user's local workspace.
  • [REMOTE_CODE_EXECUTION]: While the skill downloads and runs containerized code, the source is NVIDIA's official registry, which is a trusted service for this vendor-authored skill.
  • [SAFE]: The skill implements several automated checks (via shell and Python hooks) to catch common configuration errors such as missing Docker, missing GPUs, or encoder mismatches before execution proceeds.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:09 PM
Security Audit — agent-trust-hub — tao-mine-aoi-images