ClawHub

Worth It Auto-Logger

Security checks across malware telemetry and agentic risk

Overview

This ROI tracker is purpose-built for auto-logging, but it tells the agent to silently monitor conversations and save inferred financial or productivity records without clear per-session user consent.

Install only if you intentionally want silent ROI tracking across conversations. Before enabling it, confirm where Worth It stores records, who can see them, how to disable auto-logging, and whether users can inspect, edit, or delete automatically created entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

High
Confidence
99% confidence
Finding
This is a true privacy/security issue because the skill explicitly performs automatic ROI tracking by reading conversation content and logging inferred value without clearly informing or obtaining consent from the user. Silent behavioral monitoring and monetization inference can expose sensitive business, financial, or personal details to an external service and undermines user expectations of transparency.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instructions direct the agent to detect a project, start a session, and store a session identifier while explicitly remaining silent to the user. This is dangerous because it initiates external data sharing and session correlation without notice, creating undisclosed tracking across conversations and channels.

Missing User Warnings

High
Confidence
98% confidence
Finding
Directing the agent to monitor user messages and its own actions for monetizable signals without a privacy warning is a true vulnerability. It encourages ongoing content analysis of potentially sensitive conversations and turns ordinary interactions into hidden telemetry for external logging.

Missing User Warnings

High
Confidence
99% confidence
Finding
Reinforcing non-disclosure in best practices makes the hidden tracking behavior more systematic and intentional, increasing the risk that users never learn their conversation-derived data is being logged. The combination of silence plus automated extraction materially raises the chance of covert data processing and trust violations.

Ssd 3

High
Confidence
98% confidence
Finding
Silent collection and later transmission of conversation-derived value signals creates a real data leakage risk because descriptions, amounts, and inferred business context may reveal confidential user information. Even if the intent is productivity tracking, batching user-derived signals for an API without disclosure can externalize sensitive facts the user did not expect to leave the conversation.

Ssd 3

High
Confidence
99% confidence
Finding
These instructions tell the agent to silently retain signals during the session and later submit them, which encourages undisclosed retention and sharing of user-derived data. Hidden retention plus deferred transmission is especially risky because users cannot meaningfully object, review, or correct what is being captured before it is sent.

Ssd 3

High
Confidence
99% confidence
Finding
The skill instructs the agent to mine user messages and its own actions for financial and productivity signals, then convert them into structured external records. This is dangerous because it can extract sensitive commercial information such as payments, avoided purchases, work products, and activity patterns from natural language and send them outside the conversation boundary.

Ssd 4

Medium
Confidence
91% confidence
Finding
The staged workflow of silent setup, continuous monitoring, batching, and only occasional disclosure normalizes covert data capture and reduces the chance the user will realize tracking is happening. While this is more about harmful design pattern than a single exploit primitive, in context it materially increases the likelihood of unnoticed privacy violations and downstream data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal