Security audit
S2 TDOG Genesis Engine
Security checks across malware telemetry and agentic risk
Overview
The skill's code, instructions, and packaging are internally consistent with its stated role as a logic-plane simulator that writes local DB state; it does not request credentials, install external software, or perform network/hardware actuation itself.
This skill appears coherent: it only writes simulation state to a local SQLite DB and documents that it does NOT directly actuate hardware or contact networks. Before installing, confirm the following: (1) the directory where the plugin runs is trusted and file permissions prevent unintended readers/writers of s2_tdog_genesis.db; (2) any downstream IoT/actuator service that might read the DB is air-gapped, audited, and designed with hardware safety interlocks—because the DB entries this skill creates could instruct real actuators if another system acts on them; (3) review the provided presets (e.g., sodium+water, high-temperature/pressure, simulated biological models) and remove or restrict any experiment definitions you do not intend to simulate; (4) log and monitor use of emergency_cutoff and hyper-environment setters so human operators can validate state changes. If you need the plugin to be restricted further, consider running it in a tightly controlled environment or sandbox with explicit read/write policies for the DB file.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
