MLX Local AI

Security checks across malware telemetry and agentic risk

Overview

This local AI skill is mostly purpose-aligned, but it should be reviewed because it trusts remote model code and starts an embedding server file that is not included in the package.

Install only if you are comfortable running local shell scripts and Python packages from external sources. Before starting it, review or remove --trust-remote-code, confirm what ~/embedding_server.py is, and understand that the services will keep running in the background until stopped.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
High
What this means

Starting the local chat server may execute remote model code, not just load model weights.

Why it was flagged

The service starts MLX-LM with --trust-remote-code, which can allow code associated with the model repository to run locally with the user's privileges. The SKILL.md quick-start does not call out this trust boundary.

Skill content
nohup python -m mlx_lm.server \
            --model mlx-community/Qwen3.5-4B-OptiQ-4bit \
            --trust-remote-code
Recommendation

Only install from a publisher you trust, pin model revisions where possible, remove --trust-remote-code unless it is strictly required, and disclose this behavior in the user-facing instructions.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The embedding service may fail to start, or it may run a pre-existing/unreviewed ~/embedding_server.py file instead of reviewed package code.

Why it was flagged

The start script executes a home-directory embedding_server.py, but the supplied file manifest does not include scripts/embedding_server.py. install.sh also warns that embedding_server.py may be missing, so the runnable embedding service is not fully represented in the reviewed package.

Skill content
nohup python ~/embedding_server.py > "$LOG_DIR/embedding.log" 2>&1 &
Recommendation

Include the embedding server implementation in the package, execute it from the skill directory or virtual environment with a clear path, and avoid running arbitrary home-directory files.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Different installs may receive different package or model versions, and compromise or changes in those sources could affect the local environment.

Why it was flagged

The installer pulls unpinned Python dependencies and uses an external Hugging Face mirror. This is expected for a local ML/LLM setup, but it means the installed code and model artifacts depend on live external supply-chain sources.

Skill content
pip install mlx mlx-lm
...
pip install sentence-transformers
...
pip install flask requests numpy
...
HF_MIRROR="https://hf-mirror.com"
Recommendation

Pin package versions and model revisions, provide hashes or a lockfile where practical, and tell users which external sources are contacted.

ASI10: Rogue Agents
Low
What this means

Local AI services may keep using memory/CPU and listening on local ports until stopped.

Why it was flagged

The skill intentionally starts background services that continue running after the command returns. This is consistent with a local AI service manager, but it is persistent runtime behavior.

Skill content
nohup python ~/embedding_server.py > "$LOG_DIR/embedding.log" 2>&1 &
...
nohup python -m mlx_lm.server ... --port 8080 > "$LOG_DIR/chat.log" 2>&1 &
Recommendation

Use the documented stop command when finished, and check the status/logs if resource use is unexpected.

ASI02: Tool Misuse and Exploitation
Low
What this means

Stopping the service could accidentally stop another local process with a similar command name.

Why it was flagged

The stop command terminates processes by pattern rather than by recorded PID. This is common in simple service scripts but can affect unrelated processes with matching command lines.

Skill content
pkill -f "mlx_lm.server"
...
pkill -f "embedding_server.py"
Recommendation

Track service PIDs in a pidfile and stop only the processes started by this skill.