人力助手 (HR Assistant)

Security checks across malware telemetry and agentic risk

Overview

This HR assistant is not malware, but it needs review because it processes and archives sensitive HR records without clear retention or access limits.

Install only after confirming who can access Feishu submissions, parsed HR fields, scores, logs, and archives; where they are stored; how long they are retained; and how deletion or redaction works. Require role-based access, masking by default, limited retention for raw resumes/contracts/onboarding documents, and human approval before employment decisions, compensation changes, contract conclusions, or external submissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 93% confidence
Finding
The 员工制度问答 (Employee Policy Q&A) workflow is wired to HR09_training_plan_generate and HR07_labor_contract_check, which do not match its stated purpose of answering attendance, leave, payroll, and reimbursement policy questions. This tool mismatch can cause inaccurate or overbroad answers on sensitive HR policy matters, potentially misleading employees or exposing contractual or legal content outside the intended use case.

Natural-Language Policy Violations

Medium, 93% confidence
Finding
The template is entirely written in Chinese and provides no indication that language selection is based on user preference, locale, or explicit opt-in. In an HR workflow, this can cause incorrect comprehension of hiring, contract, onboarding, or compliance content, increasing the risk of exclusion, operational error, and mishandling of employment-related information.

VirusTotal

65/65 vendors flagged this skill as clean.
