Alumni Career Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a local alumni career analytics tool that handles personal alumni data, so privacy practices matter, but the artifacts show no hidden collection, exfiltration, or unsafe automation.

Install only if you are prepared to handle alumni personal data responsibly. Obtain consent, avoid collecting salary or LinkedIn details unless necessary, keep exports private, share only aggregate reports publicly, and consider pinning dependencies or using an isolated Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documented `--update-linkedin` and LinkedIn monitoring behavior expands data collection beyond core alumni analytics into third-party profile tracking, creating privacy and consent risk. In this context, scraping or refreshing personal employment data from LinkedIn can collect, process, or infer sensitive professional information without a clearly stated lawful basis or user consent workflow.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The skill claims reports should be anonymized and aggregate-only, yet the examples include exporting identifiable alumni contacts for outreach. This creates a real risk of unauthorized disclosure of personal data and function creep from analytics into targeted contact list generation, which is especially sensitive in an academic mentoring context.

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
pandas
rich
Confidence
92% confidence
Finding
dataclasses

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
pandas
rich
Confidence
98% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
pandas
rich
Confidence
91% confidence
Finding
rich

VirusTotal

63/63 vendors flagged this skill as clean.
