ClawHub

Chat Vitals

Security checks across malware telemetry and agentic risk

Overview

Chat Vitals is a local conversation-metrics tool; it monitors chat activity after use is started, but I found no evidence of raw chat persistence, network exfiltration, destructive actions, or hidden install behavior.

Install only if you are comfortable with a local tool inspecting chat messages to calculate metrics and retaining local session telemetry. Avoid using it for highly sensitive conversations unless local metadata retention is acceptable, and periodically delete the skill data directory if you do not want historical metrics kept.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill advertises operational capabilities consistent with file access, shell execution, and MCP interaction, but the manifest does not declare corresponding permissions or user-facing trust boundaries. That mismatch can prevent informed consent and makes the skill harder to sandbox or review, increasing the risk of over-privileged behavior when installed or executed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes "zero friction" automatic conversation tracking and live monitoring without clearly warning that user prompts, model outputs, and token-usage metadata may be collected or persisted. In a monitoring skill, this can lead users to enable data collection without informed consent, increasing privacy, compliance, and accidental sensitive-data exposure risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill promotes automatic conversation tracking and real-time monitoring without a clear warning that conversation content, metadata, and derived metrics may be recorded or persisted. In a chat-monitoring skill, this is especially sensitive because users may expose secrets, personal data, or proprietary information during normal use without realizing they are being logged.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The module is explicitly designed to auto-collect conversation data via hooks and records full user/assistant content without any visible consent, notice, or gating in this file. In a chat-monitoring skill, silent telemetry of conversation content creates a privacy and compliance risk because sensitive prompts, secrets, and personal data may be captured unexpectedly.

Ssd 3

Medium
Confidence
95% confidence
Finding
This file implements automatic logging of full conversation turns and passes raw user_input and model_output into persistent session recording. Because chat content often contains credentials, personal data, business data, or security-sensitive prompts, storing it in plain form materially increases exposure if local files, backups, or downstream analytics are accessed by unauthorized parties.

Ssd 3

Medium
Confidence
97% confidence
Finding
The hook functions capture every user message and assistant response automatically and persist them as conversation turns, creating pervasive surveillance of the chat stream. In the context of a monitoring skill, this makes the issue more dangerous because collection is zero-friction and easy to enable broadly, so users may be monitored continuously without realizing raw content is retained.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal