CHAT—Logger

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local chat-logging skill, but it will save full conversation text in plaintext workspace files.

Install this only if you want full chats saved locally in plaintext. Avoid using it for conversations containing passwords, API keys, private personal data, or regulated information unless you have your own access controls, deletion process, and retention policy for workspace/chat logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly states that every conversation will be automatically saved, but it provides no warning, consent flow, retention policy, or guidance on handling sensitive data. This creates a real privacy and compliance risk because users may disclose secrets, personal data, or regulated information that will be persistently stored in plaintext without informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to persist every user and assistant message to disk, but provides no consent flow, privacy notice, retention limits, or filtering for secrets and sensitive personal data. Because chat conversations often contain credentials, personal information, or proprietary data, creating an automatic plaintext transcript materially increases confidentiality and compliance risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill description instructs persistent logging of both user messages and assistant replies to daily Markdown files, which means arbitrary user-provided content is retained indefinitely in a human-readable format. In an agent environment, that can capture credentials, API keys, personal information, or sensitive business content and expose it to anyone with workspace access.

Ssd 3

Medium
Confidence
96% confidence
Finding
The examples and core logic reinforce appending each complete conversation turn to a file, which operationalizes wholesale capture of user inputs and model outputs. This increases the likelihood of storing sensitive data unnecessarily and makes the privacy risk concrete rather than hypothetical.

Ssd 3

Medium
Confidence
98% confidence
Finding
This functionality is designed to capture full conversation content verbatim, which can include sensitive user-provided data and confidential assistant output. In this context, the skill is more dangerous because it is positioned as routine behavior for every conversation turn, normalizing broad collection without any safeguards or contextual checks.

Ssd 3

Medium
Confidence
97% confidence
Finding
The integration steps repeatedly instruct the agent to append the complete user and assistant content after each response, reinforcing unrestricted retention of potentially sensitive data. The danger is increased by the manual workflow because it encourages unconditional logging logic that is likely to be copied into agents without review of privacy, compliance, or least-data principles.

Context Leakage

High
Category
Data Exfiltration
Content
## Use Cases

- **Conversation Backup** - Keep a history of all chats
- **Audit Trail** - Record all interactions for compliance
- **Personal Journal** - Use as a daily conversation journal
- **Debugging** - Review past conversations for troubleshooting
Confidence
92% confidence
Finding
Record all interaction

VirusTotal

65/65 vendors flagged this skill as clean.
