ClawHub

Rdptunnel

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally helps users expose Remote Desktop over an aitun tunnel, which is risky but clearly aligned with its stated purpose and not hidden.

Install only if you deliberately want to make a Remote Desktop service reachable through aitun. Use it on authorized machines only, require strong unique credentials, enable NLA or equivalent protections, restrict allowed users and source access where possible, monitor login attempts, stop the tunnel when finished, and disable RDP/xrdp if you do not need ongoing remote access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill’s primary purpose is to expose an RDP service on a local machine to the public internet, but the description does not prominently warn that this materially changes the host’s attack surface and may expose sensitive data or enable unauthorized remote control if credentials are weak or the endpoint is misconfigured. Because RDP is a high-value target for brute force, credential stuffing, and post-compromise lateral movement, omission of an explicit warning is security-significant in this context.

Missing User Warnings

High
Confidence
99% confidence
Finding
These instructions explicitly enable Windows Remote Desktop by modifying the Terminal Server setting and starting the service, but they do so without a direct warning that the machine will become available for remote access once tunneled. Enabling RDP is a sensitive security posture change that can allow full interactive access to the host if credentials are obtained or the exposed service is attacked.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Linux instructions install and activate xrdp, creating a remote desktop service that becomes internet-reachable when combined with the tunnel, but they do not directly warn about that consequence. In context, this omission can lead users to expose a GUI login surface without understanding the authentication, logging, and host hardening implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal