Job Search

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it helps search external job boards through a JobSpy MCP server, with no hidden file access, credentials, or destructive actions found.

Install it only if you are comfortable running the referenced JobSpy MCP server and sending job-search terms, locations, and filters to external job sites. Use a virtual environment, keep result counts reasonable, and avoid including sensitive personal details in searches.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs agents to send user-provided job queries, locations, and related search parameters to a third-party MCP server and onward to external job platforms, but it does not warn users that this data leaves the local environment. This creates a privacy and transparency issue because users may unknowingly disclose sensitive employment interests, geographic data, or other personal context to external services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal