Job Information Search (求职信息搜索)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a job-search/interview-prep skill with minor usability concerns, not evidence of malware or unsafe hidden behavior.

Before installing, confirm you want a Chinese-language job-search assistant and be aware that broad triggers like general job-search or interview-prep phrases may activate it in normal conversation. There is no evidence here of malware, credential theft, persistence, or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are broad everyday expressions such as '找工作' and '看面经', which can cause the skill to activate during normal conversation even when the user did not intend to invoke this specific workflow. Over-broad activation can lead to unintended web searches, context hijacking, and reduced reliability by steering the assistant into this skill when a more general or different response was appropriate.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The skill content is entirely in Chinese and implicitly constrains behavior to Chinese-language operation without checking the user's preferred language. This can create unsafe or unreliable interactions by forcing language switching, causing misunderstandings, or making the assistant present job-search guidance in a language the user did not request.

VirusTotal

64/64 vendors flagged this skill as clean.