Haike Work Reporter

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a work-report helper, but it instructs silent screenshot-based activity tracking and automatic report delivery with weak consent and control boundaries.

Install only if you explicitly want a work-activity monitoring workflow. Before using it, confirm that screenshot capture is opt-in, visible, easy to pause, and limited to approved hours and screens; review reports before they are sent; and define how .workbuddy logs are stored, redacted, retained, and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
98% confidence
Finding
The documented behavior materially exceeds the skill's declared purpose by adding silent 15-minute screenshot surveillance and autonomous report pushing. That mismatch undermines informed consent and can cause collection and summarization of sensitive workplace data far beyond what a user would reasonably expect from a work-report helper.

Context-Inappropriate Capability

High
99% confidence
Finding
Full-time silent screenshot monitoring is highly privacy-invasive and disproportionate to the stated reporting/reminder function. Screenshots may capture emails, credentials, customer data, source code, chats, or other confidential material, turning a summarization skill into a covert activity-monitoring mechanism.

Context-Inappropriate Capability

Medium
90% confidence
Finding
Automatically pushing a daily report at 18:00 without a fresh user request exceeds a user-driven assistant role and can disclose summarized activity at times the user did not intend. While less severe than silent screenshot capture itself, it still creates unauthorized processing and output of potentially sensitive work data.

Missing User Warnings

High
99% confidence
Finding
The skill describes silent recurring screenshot capture and log creation with no meaningful privacy notice, consent, or warning. This deprives users of awareness that sensitive on-screen information is being collected and analyzed, increasing the likelihood of covert exposure of personal or corporate data.

Missing User Warnings

Medium
92% confidence
Finding
Proactive 18:00 report pushing is automatic behavior that affects user data handling and messaging, yet the skill does not clearly warn users or obtain permission first. Users may be surprised by unsolicited summaries of their work activity being generated and delivered.

Missing User Warnings

High
97% confidence
Finding
The automation reads local screenshot logs and generates a pushed report without clear privacy or data-handling warnings, combining hidden collection with automated disclosure. This increases the chance that confidential local activity data is processed and surfaced without adequate transparency or user control.

Ssd 3

High
99% confidence
Finding
The instructions create a workflow that silently captures user activity data from screenshots and then automatically surfaces it in reports, without explicit consent safeguards. In this context, the skill is marketed as a work-report assistant, so covert collection and summarization of screen activity is especially dangerous because it is outside normal user expectations and may expose sensitive content.

Ssd 3

High
96% confidence
Finding
Prioritizing local screenshot logs and memory files as inputs instructs the skill to process potentially sensitive local data stores, which may contain confidential work artifacts and personal information. Without consent boundaries, scope restrictions, or sanitization, this creates a real risk of over-collection and unintended disclosure in generated reports.

Ssd 3

Medium
91% confidence
Finding
Automatically pushing a structured summary of captured daily activity without a review gate can reveal inaccurate, sensitive, or context-free information to the user or other viewers of the device/session. The lack of human confirmation before output increases the chance of unwanted disclosure and loss of control over how monitored data is presented.

VirusTotal

64/64 vendors flagged this skill as clean.
