
rlm

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/rlm_repl.py is designed to execute arbitrary Python code supplied via command-line arguments or standard input using the exec() function. This is the core functionality of the skill (a 'mini-REPL'). While intended for data processing, it allows any Python command to be run in the local environment.
  • [DYNAMIC_EXECUTION]: The cmd_exec function in scripts/rlm_repl.py passes user-supplied code directly to exec(code, env, env). Because the same env dictionary is reused, variables and state persist across multiple invocations.
  • [UNSAFE_DESERIALIZATION]: The script uses the pickle module to save and load the execution state to and from a local file (.claude/rlm_state/state.pkl). Because pickle.load() can execute arbitrary code during deserialization, a malicious actor who can modify the state file could gain code execution the next time the skill runs.
  • [DATA_EXFILTRATION]: The skill is specifically designed to ingest large context files (logs, docs, etc.) into a local Python environment. There is no hardcoded exfiltration URL, but the combination of arbitrary code execution (exec) and access to sensitive local files (read via _read_text_file) provides a capability surface for data exfiltration if the agent is prompted to send the context externally.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 19, 2026, 12:35 PM
Security Audit — agent-trust-hub — rlm