Back to plugin

Security audit

S2 TDOG Genesis Engine

Security checks across malware telemetry and agentic risk

Overview

The skill's code, instructions, and packaging are internally consistent with its stated role as a logic-plane simulator that writes local DB state; it does not request credentials, install external software, or perform network/hardware actuation itself.

This skill appears coherent: it only writes simulation state to a local SQLite DB and documents that it does NOT directly actuate hardware or contact networks. Before installing, confirm the following: (1) the directory where the plugin runs is trusted and file permissions prevent unintended readers/writers of s2_tdog_genesis.db; (2) any downstream IoT/actuator service that might read the DB is air-gapped, audited, and designed with hardware safety interlocks—because the DB entries this skill creates could instruct real actuators if another system acts on them; (3) review the provided presets (e.g., sodium+water, high-temperature/pressure, simulated biological models) and remove or restrict any experiment definitions you do not intend to simulate; (4) log and monitor use of emergency_cutoff and hyper-environment setters so human operators can validate state changes. If you need the plugin to be restricted further, consider running it in a tightly controlled environment or sandbox with explicit read/write policies for the DB file.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.