tao-run-on-lepton
Warn
Audited by Socket on Jun 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS-LEANING but not malicious. The skill’s purpose and core capabilities mostly align with DGX Cloud Lepton job management, and credential flows target expected NVIDIA/S3 endpoints. Main concerns are install-trust ambiguity around the TAO package naming and the unpinned download-and-source of a remote GitHub shell script inside jobs, which raises medium supply-chain risk rather than clear malicious intent.
Confidence: 83%Severity: 56%
Audit Metadata