Greetings, Citizens of the system, In the vast and intricate landscape of digital innovations, where trust and security are paramount, emerges a tale of deception and negligence. While we admire young innovators who challenge broken systems and established rules, and there are many worthy examples throughout tech history, the case of Cluely represents something darker. Their youth and ambition could have been channeled toward genuine disruption. Instead, while Cluely captivates its audience with extravagant parties, dazzling TikTok spectacles, and influencer endorsements, burning money as if the dawn of reckoning will never arrive, they silently put at risk the careers of the very engineers they claim to help. Millions are poured into glitzy marketing campaigns and polished facades, yet the walls of this digital citadel remain cracked, vulnerable to the shadows. A harsh truth emerges:

The Cluely software does not function as promised; it is entirely detectable in any interview, and its creators turn a blind eye to security flaws, pretending they do not exist, leaving user data exposed and unprotected. What begins as breaking system rules ends as a dangerous scam that silently terminates careers.

The Truth Revealed

I, Ivy, lead the Ethical Hacking division of DarkAgent, not to destroy, but to protect those who blindly trust Cluely's promises. As a senior software engineer and creator of one of the most powerful Valorant cheats in the world, a tool once wielded by a champion streamer, I understand the intricacies of cheat development. A real cheat should:

• Protect its users from detection
• Ensure their security against vulnerabilities
• Safeguard their identities against exposure

But Cluely is not a cheat. It is a simple web application masquerading as one, built with React and Electron but lacking any real stealth capabilities. It uses no C++ or native Node modules, relying only on a basic SetWindowDisplayAffinity call via Electron to create an invisible browser. Beneath the surface, it is just a web page with no stealth process, making it trivially detectable by tools like WithSherlock under its constant process name. This web application, with the unsettling ability to inject scripts into your machine, offers a mere illusion of power.

Deceptive Practices

Roy, the face of Cluely, deceives users by marketing this web application as a cheat, preying on their trust and exploiting their desire for an edge. He sells a lie, encouraging you to compromise your career for a product that offers no real protection. While he profits from this charade, he fails to deliver any genuine value. Worse still, he perpetuates a system of inhumane interviews, leaving users vulnerable and exploited.

We have sent multiple emails trying to contact them but received no replies, just silence. On X.com, Roy saw our post and merely laughed it off, publicly lying by stating, "We don't use Supabase." In this report, we provide irrefutable evidence that Roy deliberately misled the public, with comprehensive proof of his deception.

Ethical Boundaries and Responsibility

We believe that Cluely crosses into the serious territory of AI ethics but approaches this subject in an immature and irresponsible manner. They show complete disregard for the careers of others by selling software that is entirely detectable. Moreover, they fail to provide even basic security measures, as demonstrated by how easily a hacker can access all their databases and extract sensitive data including interview transcripts, which could be publicly leaked online, exactly as we are doing with this report.

Cluely recently unveiled an update with the slogan "The End of Human Thought", a chilling promotion of turning users into mindless drones. This is not innovation; it is a betrayal of trust.

The Original Sin: cluelyai.org

What You'll Find in This Report

In the following pages, we will expose the truth about Cluely's negligence, its deceptive practices, and the vulnerabilities that leave its users exposed. We will provide a dataset of compromised accounts, allowing you to check if your email was among those exposed. All data will be securely stored and incinerated after 7 days, giving you a chance to act before it is too late.

This report is not an attack on the users but a call to arms. It is time to open your eyes to the predatory practices of Cluely and to demand better. The shadows have spoken, and the truth is clear.

Report Contents

This comprehensive report includes:

• Page 1: Introduction - Exposing the facade of Cluely's claims and their fundamental deceptions
• Page 2: Methodology - The ethical hacking techniques and tooling used to penetrate Cluely's defenses
• Page 3: Considerations - How the broken interview system enables predatory products like Cluely to flourish
• Page 4: Premium Bypass Vulnerability - Revealing how easily Cluely's payment system can be circumvented
• Page 5: GraphQL Privilege Escalation - Technical breakdown of administrative access exploitation
• Page 6: CORS Vulnerability - Demonstration of how user accounts can be compromised via malicious links
• Page 7: Background Data Collection - Evidence of unauthorized surveillance even when the app is inactive
• Page 8: Exposed Database Credentials - Public exposure of master database keys through negligent practices
• Page 9: Data Breach - Breakdown of the 83,247 compromised user accounts
• Page 10: Conclusion - Actions required to address these critical vulnerabilities and finally, a call to action for the industry to demand better.