NeuralDebug
Security checks across static analysis, malware telemetry, and agentic risk
Overview
NeuralDebug has a legitimate debugging purpose, but using it requires running unreviewed external code with powerful debugger, TCP server, dynamic-code, and persistent model-changing capabilities.
Install only if you are comfortable reviewing and running the external DeepRhapsody code. Use a container or virtual environment, pin dependencies, bind debug servers to localhost, avoid production processes, and require explicit confirmation before attaching to processes, writing memory, running custom analysis code, or saving fine-tuned models.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You would be trusting external code and changing dependency versions on your machine before using a tool that can inspect and control local programs.
The runnable implementation is fetched from an external repository at use time, and core dependencies are unpinned. The reviewed package itself contains no code files, so the actual debugger implementation is outside the reviewed artifacts.
`git clone https://github.com/DennySun2020/DeepRhapsody.git` ... `pip install torch transformers`
Review the GitHub repository, pin a known commit and dependency versions, and run it in a virtual environment or container.
A mistaken or overbroad debugging command could expose secrets in process memory or alter a running program.
These are raw debugger controls over running processes and memory, but the artifacts do not define approval requirements, allowed targets, or safeguards for destructive mutations.
`attach <pid>` | Attach to a running process ... `evaluate <expr>` | Evaluate an expression in current context ... `write_memory <addr> <bytes>` | Patch memory
Use only on explicitly selected test processes, avoid production systems, and require confirmation before attach, evaluate, or memory-write operations.
Running untrusted analysis code could affect the local Python process or model environment if the sandbox is incomplete.
The LLM debugger supports dynamic expression and custom Python analysis execution. Although the document says it is sandboxed, the implementation is not included for review.
`evaluate <expr>` | Evaluate PyTorch expression on live tensors ... `exec_analysis "def analyze(model, tokenizer, input_ids): ..."` ... `exec_analysis @my_analysis.py`
Run only trusted analysis files, isolate the environment, and verify the sandbox implementation before relying on it.
If the server is reachable by other local users, containers, or network peers, they may be able to send debugger commands or receive program state.
High-impact debugger commands are exposed through a TCP/JSON server, but the artifacts do not specify authentication, permitted clients, or host binding restrictions.
NeuralDebug uses a **client-server architecture** over TCP/JSON ... NeuralDebug Server (TCP server on configurable port) ... Every command returns structured JSON — parseable by any AI agent.
Bind servers to localhost, firewall the ports, and do not expose the debug server on shared or public networks.
Incorrect or malicious fine-tuning data can continue influencing later model outputs until the saved weights are removed.
Fine-tuned facts are saved and reused automatically on restart, which intentionally persists changed model behavior across sessions.
`auto_save` | true | Save merged model to disk ... The server automatically loads fine-tuned weights if they exist
Track what facts were fine-tuned, disable or avoid auto-save when testing, and delete the documented cache directory to reset the model.
