tao-run-on-lepton

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS-LEANING but not malicious. The skill’s purpose and core capabilities mostly align with DGX Cloud Lepton job management, and credential flows target expected NVIDIA/S3 endpoints. Main concerns are install-trust ambiguity around the TAO package naming and the unpinned download-and-source of a remote GitHub shell script inside jobs, which raises medium supply-chain risk rather than clear malicious intent.

Confidence: 83%Severity: 56%
Audit Metadata
Analyzed At
Jun 18, 2026, 04:34 PM
Package URL
pkg:socket/skills-sh/promptingcompany%2Fnv-skills%2Ftao-run-on-lepton%2F@1404924984a8826681ec6a961e7aeaca3410fdfe3c523bb72656226dce3127dc
Security Audit — socket — tao-run-on-lepton