Back to skill

Security audit

Recruiting

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill is local and not malicious, but it needs review because it can score candidates and encode interview, rejection, hired, or no-hire outcomes despite saying it never makes hiring decisions.

Install only if you will use it as a local, human-reviewed recruiting aid. Keep candidate data minimal, avoid protected-class or unnecessary sensitive information, and treat any score, rating, reject/interview label, or hired/rejected status as a human-entered record rather than an automated recommendation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs use of local scripts and explicitly stores hiring data under `memory/recruiting/`, which implies file read/write behavior, but it does not declare corresponding permissions. Undeclared filesystem access weakens security transparency and policy enforcement because users and hosting platforms cannot accurately assess or constrain what the skill can access or modify.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documentation presents candidate ratings such as 'Strong hire' and prescriptive actions like 'Reject John Smith or schedule technical' and 'Move Sarah Johnson to decision,' which goes beyond neutral workflow tracking and into decision-support for hiring outcomes. In a recruiting context, this is risky because users may rely on the tool's recommendations as quasi-automated employment decisions, creating fairness, compliance, and bias concerns that contradict the stated limitation that the skill never makes hiring decisions or replaces human judgment.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill explicitly supports a "Reject" recommendation category and even provides a script example to update a screening to "reject," which conflicts with the metadata promise that it must NEVER make hiring decisions. In a hiring context, converting screening output into an operational rejection decision can directly influence or automate adverse employment decisions, creating fairness, compliance, and governance risk.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The stated purpose frames the tool as identifying who is "worth interviewing," which is already close to a gatekeeping employment decision, and the rest of the file extends that into explicit reject outcomes. In this context, the mismatch increases the chance that users rely on the skill as a decision-maker rather than as a limited evidence-summary aid.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The script records a candidate `rating` with values such as `strong`, `likely`, `maybe`, and `no_hire`, which constitutes an evaluative hiring recommendation despite the skill metadata claiming it never makes hiring decisions or replaces human judgment. In a recruiting workflow, these labels can strongly influence downstream decisions and create hidden decision support logic, increasing fairness, compliance, and policy risk if users rely on them as de facto hiring outcomes.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The module docstring says the script only updates candidate stage, but the implementation also stores subjective evaluation data (`rating`) and workflow assignments (`next_action`, `owner`). This mismatch is dangerous because understated behavior reduces reviewer and operator awareness, making it easier for recommendation features to be introduced without appropriate scrutiny, governance, or consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file documents storage and tracking of candidate names, emails, notes, ratings, stage history, and communications, which are sensitive recruiting records and may include personal data subject to privacy and employment-law requirements. Because the documentation lacks warnings, minimization guidance, access controls, retention limits, or handling instructions, it normalizes collecting and displaying sensitive applicant data without safeguards, increasing the chance of privacy violations, over-collection, and inappropriate internal exposure.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.