
Security audit

Group Logger

Security checks across malware telemetry and agentic risk

Overview

The skill appears designed for local work-message logging, but it silently and persistently records group chat content using broad triggers without clear participant notice or retention controls.

Install only for groups where admins and participants have explicitly agreed to logging. Use it in dedicated work channels if possible, verify who can read group_log.csv and backups, define retention/deletion rules, and narrow triggers to explicit job commands or structured job IDs before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 97%
Finding
The logging trigger list is extremely broad and includes common operational words like งาน, ส่ง, รับ, นัด, and เสร็จ, making it likely to capture ordinary group conversation far beyond narrowly scoped work records. In the context of silent logging to a persistent CSV, this creates unauthorized collection of group messages and increases privacy, retention, and insider misuse risk.

Missing User Warnings

High
Confidence: 99%
Finding
The skill explicitly describes silent capture of matching group messages to CSV and daily backup, but provides no visible warning, consent mechanism, or notice to affected users. Silent persistence of user-generated content is dangerous because participants may reasonably believe routine chat is ephemeral and not being archived for later processing and summaries.

Ssd 3

High
Confidence: 99%
Finding
This instruction establishes covert data collection: messages from a group are silently logged and later reused in summaries without any reply or notice. That creates a persistent surveillance mechanism over multi-user conversations, exposing potentially sensitive operational, personal, and customer data to unauthorized retention and later disclosure.

Ssd 3

High
Confidence: 98%
Finding
Recording every matching message without replying creates covert retention behavior, especially dangerous in group chats where many participants may not know their content is being monitored and stored. Because the stored records include sender, group_id, message text, keywords, job_id, customer_name, and status, compromise or misuse of the CSV can expose both personal and business-sensitive information.

VirusTotal

No VirusTotal findings
