Cc Log Viewer

Security checks across malware telemetry and agentic risk

Overview

This skill exposes a network-accessible Claude Code terminal controller without authentication and starts Claude with permission checks disabled.

Install only in a tightly controlled local environment. Do not expose this service to a LAN, Tailscale network, or the internet unless you add authentication, switch to localhost-only defaults, and remove --dangerously-skip-permissions. Treat anything shown in the terminal viewer as potentially sensitive, and review the startup script because it may terminate unrelated services on the selected port.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior goes well beyond passive log viewing: it exposes remote command injection and process control, binds the service for network access, and reportedly launches Claude with --dangerously-skip-permissions. In this context, that creates a remotely reachable control plane for an interactive terminal session, which can lead to arbitrary command execution, session takeover, and disclosure of sensitive terminal output.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The README advertises a 'knowledge graph API' that scans an Obsidian vault, which materially expands the skill's capabilities beyond simple log viewing and process control. Undisclosed scope expansion is dangerous because it can access and expose user note structure and metadata, increasing the attack surface and making users less able to assess privacy risk before installation.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The HTTP and WebSocket handlers accept arbitrary client-supplied commands and forward them directly into the Claude terminal session. Because the server listens on 0.0.0.0, allows any origin, and applies no authentication or authorization, any reachable client can drive the agent remotely, which is especially dangerous when paired with a privileged Claude session.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The restart endpoint gives remote clients process-management capability over the Claude subprocess, turning a log viewer into a control plane. An unauthenticated attacker could repeatedly restart or disrupt the session, causing denial of service and facilitating takeover timing or state manipulation.

Context-Inappropriate Capability

Critical
Confidence
100% confidence
Finding
The code starts Claude with '--dangerously-skip-permissions', explicitly disabling safety/approval barriers for the agent session. In this skill's context, that flag is exposed through remotely reachable control channels, so an attacker can issue powerful actions through Claude without the normal permission prompts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README documents HTTP APIs that can send commands to Claude Code and restart or inspect the process, but gives no warning about the security implications of exposing such control remotely. In the context of a log viewer, remote command execution and process management are especially sensitive because they can let anyone with access drive the agent, disrupt sessions, or trigger unintended actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README mentions scanning an Obsidian vault and exporting graph data without warning that vault names, links, structure, and possibly derived content metadata may be exposed. Because Obsidian vaults often contain personal or sensitive notes, even structural graph data can leak confidential relationships and project details.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation promotes network access to a browser, including LAN/Tailscale usage, but does not clearly warn that terminal output may contain secrets, prompts, file paths, tokens, or other sensitive operational data. In a tool designed to mirror an active Claude Code terminal, omission of that warning increases the risk of accidental exposure to unauthorized viewers or logging on untrusted devices.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented /api/send and /api/restart endpoints provide direct command and process-control capabilities, yet the documentation includes no explicit warning about unauthorized use or integrity risks. In the context of a network-accessible service controlling a live terminal, unauthenticated or poorly constrained access can enable remote execution, disruption, and misuse of the Claude Code session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally kills whatever process is listening on the requested port before starting the log viewer. This can terminate unrelated services if the port is already in use, causing denial of service or disrupting security-sensitive software, and there is no validation, confirmation, or ownership check before doing so.

Missing User Warnings

High
Confidence
97% confidence
Finding
This is a true security issue because the subprocess is started in an unsafe permission mode and the same program exposes unauthenticated remote control endpoints, yet there is no meaningful warning, gating, or consent mechanism to alert operators that they are publishing a powerful agent-control surface. That combination materially increases the chance of accidental exposure and unsafe deployment.

VirusTotal

VirusTotal findings are pending for this skill version.
