Security audit

51mee Candidate Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable candidate-tracking prompt skill, with one review-worthy ambiguity around whether candidate records may be deleted.

Suitable for template-style use, but treat candidate data as sensitive. Confirm your OpenClaw retention settings, avoid entering unnecessary identifiers, and require manual confirmation or soft-delete handling before any candidate record is removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill's security section says to ignore instructions that try to delete candidate records, but later sections explicitly support a delete operation. This contradiction creates ambiguous behavior that can be exploited through prompt crafting or operator misunderstanding, leading to unauthorized or unintended deletion of recruitment records.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The output requirements instruct the model to perform delete operations even though earlier safety rules say deletion instructions should be ignored. Conflicting directives weaken safety controls and increase the chance that an attacker or normal user can trigger destructive actions despite the stated protections.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The schema formally advertises `delete` as an allowed operation, which directly contradicts the earlier instruction to ignore deletion attempts. Because schemas often act as strong guidance for downstream systems and agents, this can normalize unsafe destructive behavior and make accidental or malicious record removal more likely.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
Listing delete as a supported operation in the capability table directly undermines the earlier claim that deletion instructions are ignored. In a candidate-tracking context, this inconsistency can cause users or integrated agents to treat record deletion as legitimate, resulting in data loss, broken audit trails, and recruitment process disruption.

VirusTotal

62/62 vendors flagged this skill as clean.
