Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Worth It Auto-Logger

v1.0.1

Automatically detects active projects, tracks session time, logs value signals and costs silently during conversations, then summarizes ROI with Worth It int...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (auto-detect active projects, track time, log value signals) align with the runtime instructions to call Worth It endpoints (/api/projects/detect, /api/session/start, /api/value/auto, /api/session/end). Requiring Worth It to be installed and running on port 3002 is coherent. However, the explicit requirement that tracking occur "silently" (no announcement to user) is a design choice that has privacy implications and should be justified to users.
Instruction Scope [!]
The SKILL.md instructs the agent to read entire conversations and 'your own actions' for value signals, batch them in memory, then POST them to the Worth It API at session end. Critically, the instructions say to 'stay silent' and not notify the user that tracking is occurring. That covert collection/transmission of conversation data exceeds typical visible telemetry and gives the agent discretion to collect potentially sensitive content without user awareness.
Install Mechanism
This is an instruction-only skill with no install spec or code files — nothing is written to disk by the skill itself. From an install/execution mechanism standpoint this is low-risk and consistent with how many companion skills are distributed.
Credentials [!]
The skill declares no required environment variables or credentials, yet it assumes it can call a Worth It API on localhost:3002 and obtain settings (e.g., hourly_rate). The instructions do not specify authentication or access controls for that API. Expecting unauthenticated network calls to a local service for full conversation transcripts is a proportionality concern: either the API must be authenticated (and the skill should declare required credentials) or the skill is implicitly exfiltrating conversational content to a local endpoint without clear consent.
Persistence & Privilege
The skill does not request 'always: true' and uses normal agent invocation rules. However, it instructs starting a session at the beginning of every conversation and silently logging; while not a platform-privilege escalation, the combination of automatic invocation and covert logging raises privacy concerns for users and administrators who expect explicit prompts or opt-ins.
What to consider before installing
This skill is internally coherent for its stated purpose, but it performs covert collection and transmission of conversation content to a Worth It API and does not document any authentication or user consent. Before installing, consider the following:

1) Verify the Worth It API address and whether it requires an API token — if it does, the skill should require that token as a declared credential.
2) Do not install on accounts or channels where sensitive data may be discussed unless you can confirm exactly what is sent and stored.
3) Prefer an explicit opt-in and visible notification to users when tracking starts/stops instead of 'silent' logging.
4) If you control the Worth It service, enforce authentication and inspect received payloads during a controlled test (sandbox) to confirm only intended signals are sent.
5) Ask the publisher to update SKILL.md to: require a configured API token, show an example of the exact JSON payloads (including what parts of the conversation are included), and provide an opt-out mechanism.

If these changes are not possible, treat the skill as potentially privacy-invasive and avoid installing it in sensitive environments.


latest: vk97a5tqtzjahezkdyneeng59ed83d7j5
