RMN Visualizer

Security checks across malware telemetry and agentic risk

Overview

This skill visualizes local agent memory as advertised, but its recommended launch path can publish sensitive memory data to an unauthenticated public URL.

Install only if you are comfortable with this skill reading local agent memory and issue files. Prefer local-only mode with serve.js, review the memory files first, and do not use launch.js or share the Cloudflare URL unless the workspace contains no secrets, private notes, customer data, prompts, credentials, or account details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The script automatically opens a Cloudflare Tunnel to a local service, exposing it to the public internet without any authentication, access control, or clear necessity established by the provided context. Even though the code appears intended to share a visualization, internet-exposing localhost substantially increases attack surface and can leak sensitive local data or enable unintended remote interaction if the served app is not hardened.

Missing User Warnings

Medium (95% confidence)
Finding
The README explicitly says the agent will scan memory files, start a visualization service, open a Cloudflare Tunnel, and post a public link. Memory files commonly contain sensitive prompts, notes, issue data, or internal context, so documenting public exposure without a clear warning, authentication boundary, or consent step creates a real confidentiality risk.

Vague Triggers

Medium (84% confidence)
Finding
The activation phrases are broad enough to match ordinary conversation such as 'show memory network' or 'brain map,' which increases the chance of unintended invocation. In this skill, accidental activation is risky because the documented behavior can start a local server and potentially expose sensitive memory data via a public tunnel.

Missing User Warnings

High (98% confidence)
Finding
The recommended launch path starts a Cloudflare Tunnel and returns a public URL, but the documentation does not clearly warn that this may expose visualized contents of MEMORY.md, memory/*.md, or .issues/* to anyone with the link. Because these sources can contain sensitive agent state, notes, or issue data, omission of an explicit exposure warning materially increases the risk of data leakage.

Missing User Warnings

Medium (98% confidence)
Finding
The tunnel is created automatically after a short delay and the script prints the public URL for relay, but there is no interactive confirmation or meaningful disclosure that a local server is being exposed externally. This creates a consent and security-risk gap: users may run the script expecting local visualization only, while actually publishing it to the internet.

Missing User Warnings

Medium (97% confidence)
Finding
The server exposes parsed contents of MEMORY.md, SOUL.md, memory/, and .issues/ over HTTP at /api/data with no authentication, authorization, or explicit bind restriction. In this skill context, those files are likely to contain sensitive agent memory, tasks, internal notes, or secrets, so serving them via a local web server materially increases confidentiality risk if the port is reachable by other local users, containers, browser extensions, or a misconfigured network boundary.

VirusTotal

63/63 vendors flagged this skill as clean.
