Skills
skills/taubyte/skills/installing-taubyte-tooling/Gen Agent Trust Hub

installing-taubyte-tooling

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The instructions utilize sudo to perform high-privilege operations such as updating system repositories (apt-get update), installing software (apt-get install), and configuring system services (systemctl enable/start).
  • [COMMAND_EXECUTION]: The skill modifies system permissions by adding the current user to the docker group using sudo usermod -aG docker $USER, which is a sensitive privilege escalation step required for non-root Docker usage.
  • [REMOTE_CODE_EXECUTION]: The skill uses a direct pipe from a network download to a shell (curl ... | sh) to install the tau and dream command-line tools from the domain get.tau.link. This pattern bypasses traditional package management and executes remote content with the user shell permissions.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resources from multiple external sites, including nodejs.org for Node.js installation advice, docs.docker.com for Docker setup, and get.tau.link for CLI script downloads.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.tau.link/cli, https://get.tau.link/dream - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 28, 2026, 09:17 PM