ClawHub

Placed Resume Optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it stores an API key on disk by default and sends sensitive resume-related data to an external service without enough user-facing privacy guidance.

Install only if you are comfortable using the Placed/Exidian service for resume processing. Use a dedicated revocable API key, avoid unnecessary personal or confidential details, consider keeping the key session-only instead of saving it to ~/.config/placed/credentials, and rotate or remove the key if you no longer use the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to read credentials from a local file and persist a user-provided API key to disk, which expands access to sensitive local data beyond what is necessary for a one-off resume optimization task. This creates unnecessary credential exposure and long-lived secret storage without user consent, rotation guidance, or filesystem permission controls.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The API guide exposes a `generate_resume_from_prompt` capability that goes beyond the skill's stated purpose of optimizing existing resumes. This scope expansion matters because it enables collection and processing of substantially more sensitive personal and employment-history data than users would reasonably expect from an optimization-only skill, increasing privacy and misuse risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Resume creation is a materially different capability from checking ATS fit or optimizing bullets, and it is not justified by the skill's declared optimizer role. In practice, this can bypass least-privilege expectations by encouraging users or calling agents to provide full career histories and other sensitive data to a skill they believed had a narrower function.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill tells the user to save an API key in plaintext under ~/.config/placed/credentials with no warning about local compromise, file permissions, shared accounts, backups, or shell history risks. Plaintext credential persistence can expose the key to other local processes or users and prolongs the blast radius if the machine is compromised.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is explicitly designed to send resume content and job descriptions to an external service, but it provides no privacy notice or data-handling disclosure. Resumes commonly contain PII, employment history, contact information, and other sensitive career data, so silent transmission to a third party creates privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented optimization and generation endpoints process highly sensitive personal and employment data, including work history, skills, and potentially contact or educational details, yet the guide provides no warning, consent guidance, retention statement, or handling constraints. This omission increases the chance of unsafe collection, over-sharing, and non-compliant processing of user data by agents integrating with the API.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal