Job Applications

Security checks across malware telemetry and agentic risk

Overview

This skill has a real job-application purpose, but it can automatically submit applications using a named person’s personal data and job-site accounts, including scheduled runs and credential requests.

Install or run this only if you are Abed Mir or have explicit permission to act for him. Before use, disable auto-apply or require approval before every submission, remove hard-coded personal data if sharing, never send passwords or one-time codes through Discord, and make scheduled runs opt-in with a clear way to stop them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly automates job applications, resume generation, and writes tracking/log files, but it does not require an explicit confirmation step or warn the operator that it will submit personal data to third-party sites and modify local files. Because it handles sensitive personal/employment data and performs irreversible external actions, the lack of disclosure and consent controls creates a real safety and privacy risk.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill instructs the agent to interact with authenticated Indeed and LinkedIn sessions and to obtain verification codes or credentials from a human, but it provides no credential-handling safeguards, privacy boundaries, or restrictions on storage/redisclosure. This increases the chance of sensitive authentication data being mishandled, exposed in chat/logs, or used beyond the intended scope.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding
The JSON includes a skip_reason stating 'HARAM - Personal loans/lending company' and notes that the system is 'Configured to avoid lending/loan companies.' This embeds a specific religious policy directly into the application's decision logic/data without evidence of explicit user opt-in, creating a risk that the agent will enforce ideology-based filtering rather than neutral, user-authorized preferences.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
Directing the agent to ask a human for a live email verification code and then use it for account access normalizes out-of-band secret collection and creates a pathway for phishing-like behavior. Even if intended for convenience, one-time codes are authentication secrets and should not be relayed through agent workflows or chat channels.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill explicitly tells the agent to ask for LinkedIn credentials if the session expires, which is a direct credential solicitation pattern. This is dangerous because it trains the agent to collect passwords and creates obvious risk of credential disclosure, logging, reuse, or misuse across systems.

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content
def compile_pdf(tex_path: str, output_dir: str) -> str:
    """Compile LaTeX to PDF. Returns path to PDF or raises."""
    result = subprocess.run(
        ["pdflatex", "-interaction=nonstopmode", "-output-directory", output_dir, tex_path],
        capture_output=True, text=True, timeout=30
    )
Confidence: 90%
Finding
subprocess.run( ["pdflatex", "-interaction=nonstopmode", "-output-directory", output_dir, tex_path], capture_output

VirusTotal

66/66 vendors flagged this skill as clean.
