Tandemn Tuna Skill
Warn
Audited by ClawScan on May 10, 2026.
Overview
Tuna is a coherent GPU deployment skill, but it uses your cloud credentials to create, publicly expose, and delete costly infrastructure, and the supplied artifacts do not bound the permission scopes it needs.
Install only if you trust the external `tandemn-tuna` package and are comfortable giving it cloud deployment authority. Use a dedicated low-privilege cloud account or project, set spending limits, avoid `--public` unless the exposure is intentional, and require explicit confirmation before any deploy or destroy command.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed or invoked with broad cloud credentials, the tool could create billable infrastructure or modify cloud resources in the connected accounts.
The install documentation shows that the skill expects per-provider API tokens and local cloud authentication. Those credentials can authorize creation and deletion of cloud resources, yet the supplied metadata declares no primary credential or environment variables, and the artifacts do not specify narrow permission scopes.
Each serverless provider needs its own credentials. Run `tuna check --provider <name>` to verify setup. ... `modal token new` ... `export RUNPOD_API_KEY="your-api-key"` ... `gcloud auth login`
Use a dedicated low-privilege cloud project/account, scoped API keys, budgets/quotas, and explicit provider/project/region settings before allowing deployment commands.
A mistaken invocation could incur charges, expose an inference endpoint publicly, or delete deployments.
The documented CLI includes high-impact cloud operations: launching deployments, exposing an unauthenticated public endpoint, and bulk teardown. These are purpose-aligned but should not be run automatically or casually.
`tuna deploy --model <HuggingFace-model-ID> --gpu <GPU> [options]` ... `--public` — Make endpoint publicly accessible (no auth) ... `tuna destroy --all`
Require explicit user confirmation for deploy, destroy, `--all`, and `--public`; prefer authenticated/private endpoints and verify service names before teardown.
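One way to enforce this recommendation outside the tool itself is a thin guard in front of the `tuna` binary. The POSIX shell script below is an added example written for this review; it is not code from the Tuna skill, the `tandemn-tuna` package, or the ClawScan report. The wrapper name `tuna-guard`, the risk class names, the confirmation phrases and the `TUNA_BIN` variable are all assumptions for illustration. The only facts about `tuna` it relies on are the commands quoted above: the subcommand comes first, `deploy` takes `--public`, and `destroy` takes `--all`. Anything it cannot classify (for instance a leading global flag it has never seen) is treated as unknown and gated, so the guard fails closed rather than open.

```shell
#!/bin/sh
# tuna-guard: hypothetical wrapper (added example, not part of the Tuna skill
# or the tandemn-tuna package). Refuses the high-impact operations from the
# finding (deploy, deploy --public, destroy, destroy --all) unless the
# operator types back a phrase naming the consequence. Read-only commands
# pass straight through. The real binary is taken from $TUNA_BIN (default: tuna).

TUNA_BIN="${TUNA_BIN:-tuna}"

# Classify an argument list into a risk class. Output is one word:
#   safe         a recognised-shape command not listed below (e.g. `tuna check`)
#   billable     deploy: creates paid GPU capacity
#   public       deploy with --public: unauthenticated, internet-reachable endpoint
#   destroy      destroy of a single deployment
#   destroy-all  destroy --all: bulk teardown of every deployment
#   unknown      first argument is a flag, so the subcommand cannot be identified
tuna_guard_classify() {
    cmd="${1:-}"
    if [ $# -gt 0 ]; then shift; fi
    public=0
    all=0
    for arg in "$@"; do
        case "$arg" in
            --public) public=1 ;;
            --all)    all=1 ;;
        esac
    done
    case "$cmd" in
        deploy)  if [ "$public" -eq 1 ]; then echo public; else echo billable; fi ;;
        destroy) if [ "$all" -eq 1 ]; then echo destroy-all; else echo destroy; fi ;;
        -*)      echo unknown ;;
        *)       echo safe ;;
    esac
}

# The exact phrase the operator must type for each risk class. Naming the
# consequence instead of accepting "yes" turns a reflex keystroke into a decision.
tuna_guard_phrase() {
    case "$1" in
        billable)    echo "create billable deployment" ;;
        public)      echo "expose unauthenticated public endpoint" ;;
        destroy)     echo "destroy deployment" ;;
        destroy-all) echo "destroy ALL deployments" ;;
        unknown)     echo "run unclassified command" ;;
        *)           echo "" ;;
    esac
}

# Gate, then invoke the real binary with the untouched argument list.
# Returns 1 without running anything if the confirmation is missing or wrong.
tuna_guard_run() {
    risk=$(tuna_guard_classify "$@")
    if [ "$risk" != safe ]; then
        phrase=$(tuna_guard_phrase "$risk")
        printf 'tuna-guard: "%s" is a high-impact operation [%s]\n' "$*" "$risk" >&2
        printf 'tuna-guard: type "%s" to continue: ' "$phrase" >&2
        IFS= read -r answer || answer=""
        if [ "$answer" != "$phrase" ]; then
            echo "tuna-guard: aborted, nothing was run." >&2
            return 1
        fi
    fi
    "$TUNA_BIN" "$@"
}

# Act as the wrapper when invoked with arguments; with none, only define the
# functions so the file can be sourced.
if [ $# -gt 0 ]; then
    tuna_guard_run "$@"
fi
```

Put the script on `PATH` as `tuna-guard` (or `alias tuna=tuna-guard` in the operator shell) so that an agent or a hurried human cannot reach `deploy --public` or `destroy --all` without a typed acknowledgement of what is about to happen; because the confirmation is read from stdin, a non-interactive invocation with no terminal attached is refused rather than waved through.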
The clean static scan only covers the skill wrapper, not the installed `tuna` package code that will perform cloud operations.
The runtime behavior is provided by an external package-installed binary. This is expected for a CLI skill, but no package source code is included in the supplied artifacts for review.
uv | package: tandemn-tuna | creates binaries: tuna
Review the package source and publisher, pin a trusted version, and install in an isolated environment before granting cloud credentials.
Misconfigured deployments may keep running, continue billing, or route traffic across providers after the initial command completes.
The skill intentionally automates traffic shifting and persistent cloud capacity. This is disclosed, but a bad configuration can continue consuming resources or route traffic unexpectedly.
Once spot is ready, traffic shifts there. If spot gets preempted, traffic falls back to serverless automatically. ... `--no-scale-to-zero` — Keep at least 1 spot replica running
Set budgets and alerts, keep scale-to-zero enabled unless needed, monitor deployment status and cost, and destroy unused services promptly.
