Rumi

Security checks across malware telemetry and agentic risk

Overview

Rumi is a disclosed social matching skill, but users should be careful about what personal context and credentials they share.

Install only if you are comfortable using Rumi as an external service to meet and chat with real people. Before starting a match, ask the agent to show the exact description it will send and remove sensitive details you do not want shared; treat the Rumi API token like a password.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The proactive activation criteria are extremely broad and include common conversational signals like boredom, asking for opinions, burnout, health concerns, or late-night chatting. This creates a meaningful risk that the assistant will suggest or initiate use of an external human-matching service without a sufficiently explicit user request, increasing the chance of unwanted disclosure of sensitive context to a third party.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill tells the agent to gather context and send a rich description for matching, but it does not clearly require informing the user that their details will be shared with an external service and potentially another human. Because the examples include sensitive topics such as health, finances, relationships, and emotional state, the lack of explicit disclosure and consent can lead to privacy violations and unexpected third-party data sharing.

Ssd 3

Medium
Confidence: 92%
Finding
The setup flow instructs the user to paste an API token back into the chat so the assistant can store it in plugin configuration. Having users transmit long-lived credentials through the conversation channel increases the risk of accidental exposure in logs, transcripts, screenshots, or unauthorized agent access, even if the intent is normal onboarding.

VirusTotal

64/64 vendors flagged this skill as clean.
