[Nyx Archive] MirrorRoom

This skill's files match its stated interactive research purpose, but take these precautions before installing or running it: - Provenance: the package lists no homepage and the source owner is unknown. If possible, ask for the author/paper or a trusted repository link before trusting the code. - Paste risk: following the SKILL.md requires pasting the entire JSX into Claude.ai (a third-party service). That will expose all embedded seed text, prompts, and any prompts-in-code to that service — treat that as a code + data upload. - Hosted/demo proxy risk: the optional /api/chat and /api/evaluate endpoints are unspecified. If you (or someone else) deploy a hosted demo, those endpoints will receive chat transcripts and evaluation payloads; only deploy them to servers you control and audit. Do not point them to unknown third-party hosts. - API keys: the artifact may ask for an Anthropic API key for standalone operation. Only supply keys in environments you trust; prefer read-only or scoped keys if available and avoid storing secrets in untrusted browser storage or public demos. - Chain-of-thought/inner thoughts: the Mirror mode invites the model to disclose 'inner thoughts' using //double slashes//. That is part of the feature but may reveal sensitive chain-of-thought style content — consider disabling Mirror mode or sanitizing logs if you need to avoid exposure of internal reasoning. - Review the code: the JSX is readable (no obvious obfuscation or hidden network hosts), but if you plan to host or modify it, search for network calls, analytics, or hard-coded endpoints that could leak data. If you lack the ability to audit, run the artifact locally in an isolated environment first. If you want, I can (a) scan the two JSX files for network calls/uncalled endpoints and storage usage, (b) highlight exact lines referencing proxy routing and where data is posted, or (c) draft safer deployment instructions for hosting the proxy endpoints securely.