ClawHub

Boss Cli

Security checks across malware telemetry and agentic risk

Overview

This BOSS job-search skill is purpose-aligned, but it needs Review because it recommends browser-cookie login and can send real messages from the user's recruiting account.

Install only if you trust `kabi-boss-cli` and are comfortable granting access to your BOSS直聘 account session. Prefer QR login or a separate browser profile over automatic cookie import, use dry-run before batch greetings, and manually confirm any message or export involving private job-search data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description says it should trigger whenever a user needs to search jobs, view company information, manage applications, or contact HR, but it does not define narrow activation boundaries or require explicit user confirmation for sensitive actions. In an agent setting, this can cause over-broad invocation and accidental execution of authenticated actions such as viewing private application data or contacting recruiters on the user's behalf.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The authentication section recommends automatic browser cookie detection without warning the user that the tool may access and reuse browser session cookies for BOSS直聘 authentication. Because this skill interfaces with a reverse-engineered API and exposes account-level features like messages, applications, and greetings, silent cookie access materially increases the risk of credential/session misuse and unexpected access to sensitive account data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal