Limitations & Caveats
The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
This page does not exhaustively cover all limitations and caveats of Takumi Guard. Detailed disclosure of the boundaries of defense mechanisms could be exploited to circumvent them, so the content here is intentionally limited.
Blocking Coverage
The Takumi Guard blocklist is continuously updated through an automated analysis pipeline and research by the GMO Flatt Security team, but it cannot detect and block every malicious package before installation. New attack techniques and zero-day malware may not be identified at the time of analysis.
For this reason, Takumi Guard provides breach notifications alongside blocking. If a package that was considered safe at install time is later found to be malicious, users who downloaded it are notified. The combination of pre-install blocking and post-install notification reduces overall risk.
Rate Limits
Takumi Guard applies the following rate limits based on access method:
| Access Method | Rate Limit |
|---|---|
| Anonymous | 1,000 req/min per IP |
| Email-verified token | 2,000 req/min per token |
| Shisho Cloud organization (Bot ID) | 5,000 req/min per token |
Requests exceeding the rate limit are rejected with an HTTP 429 Too Many Requests response.