Tandemn Tuna Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GPU cloud deployment helper; it can create costly or public infrastructure, but that behavior matches its stated purpose.

Install only if you intend to let the tuna CLI manage real cloud resources. Use least-privilege provider credentials, confirm the target account/project/subscription before deploy or destroy commands, avoid --public unless you add authentication, rate limits, logging, and budget monitoring, and confirm any destroy --all request explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents destructive teardown commands, including `tuna destroy --all`, without any warning about irreversible resource deletion, service interruption, or the need for confirmation safeguards. In an agent context, this increases the risk of accidental mass deletion if the command is surfaced or executed from a casual user request.

Missing User Warnings

Medium
Confidence: 93%
Finding
The `--public` option is described as making the endpoint publicly accessible with no authentication, but there is no warning about unauthorized use, prompt/data exposure, abuse, or cost-exhaustion risk. Exposing an OpenAI-compatible inference endpoint without auth can allow anyone who discovers the URL to send requests and consume GPU resources.

VirusTotal

64/64 vendors flagged this skill as clean.
