ClawHub

Jobs Skill

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill is coherent, but it gives broad default access to full candidate and job records that may expose sensitive personal data.

Review before installing. Use this only with a Supabase project you control, restricted credentials, row-level security, and explicit consent from candidates and recruiters. Configure the agent to minimize returned fields, avoid broad raw-row display, and treat the local inbox and checkpoint files as sensitive data with retention and cleanup controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs collection and transmission of sensitive candidate and recruiter personal data to Supabase, including names, emails, age, education, employment history, and locations, but does not require explicit user notice, consent, or minimization before upload. In this context, the skill is specifically designed to process recruiting data, which makes the omission more dangerous because handling PII is core functionality and routine use could normalize undisclosed external transmission.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the bot to append push events to a local inbox file, but gives no explicit warning that those events may contain sensitive job or profile data that will be persisted on disk. This creates a local data-at-rest exposure risk, especially on shared systems or endpoints with weak filesystem protections, and the watch mode makes the storage continuous rather than incidental.

Ssd 3

High
Confidence
97% confidence
Finding
The skill explicitly requires returning full available profile fields in responses, which can expose sensitive personal data such as email, age, education history, employment history, and locations to users who may not need all of it. In a recruiting workflow this is particularly risky because the system is handling inherently sensitive HR data, and broad field disclosure violates least-privilege and data-minimization principles.

Ssd 3

High
Confidence
98% confidence
Finding
The instructions to return actual database rows with raw fields and to show every available field create a strong risk of oversharing stored sensitive data, including fields not intended for routine display. This is more dangerous in context because the system is positioned as a live hub for profiles and job posts, so routine queries could become a direct exfiltration path for confidential or regulated personal information.

Ssd 3

Medium
Confidence
90% confidence
Finding
Persisting profile and job push events to a local inbox file creates a standing local log of sensitive user and recruiting activity, which may be accessible to other processes, users, backups, or forensic tooling. Because watch mode is ongoing, the exposure can accumulate over time and become a high-value target even if each individual event is small.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal