ClawHub

AfrexAI Hiring Scorecard

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only hiring scorecard skill with no hidden execution or system access, but it should be used only as human-reviewed decision support.

Safe to install from an artifact-security perspective. Use it only with authorized candidate information, avoid unnecessary personal or sensitive data, do not score protected characteristics or proxies, and require trained human review under applicable hiring, privacy, and equal-opportunity policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly promotes scoring candidates and producing hire/no-hire recommendations, which places the skill in a sensitive employment decision context. Without warnings, limits, or guidance on handling personal data and avoiding fully automated employment decisions, users may deploy it in ways that create privacy, bias, compliance, and discrimination risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This skill processes candidate evaluation data, interview notes, and hiring recommendations, which commonly include sensitive personal information and confidential employment assessments. Without explicit privacy guidance, data-minimization rules, or handling restrictions, users may paste unnecessary PII or store protected hiring data in insecure systems, increasing the risk of privacy violations, bias documentation leakage, and compliance issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal