JD + Resume → Interview Question Prediction Assistant

Security checks across malware telemetry and agentic risk

Overview

This interview-prep skill appears to do what it promises, but it does not clearly warn users that resume and job-description content can be sent to a third-party LLM service.

Install only if you are comfortable sending resume and job-description content to the configured LLM provider, which defaults to DeepSeek unless changed. Redact contact details and confidential employer information first, verify the API key and endpoint, and write exported reports only to a private location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises executable capabilities such as shell execution, file writing, environment access, and potential network use, but does not declare permissions or boundaries. In a skill that processes untrusted user-supplied files and paths, this creates unnecessary risk because the agent may access local resources or write outputs without clear user consent or sandbox constraints.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script reads API credentials and sends user-provided JD and resume content to an external LLM service, but the skill description does not disclose this external transmission of potentially sensitive personal and hiring data. In a resume-analysis context, this is materially risky because resumes commonly contain PII, employment history, contact details, and other confidential information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill asks users to provide resumes and job descriptions, which commonly contain sensitive personal and professional data, then states that results may be exported to a local file. Without a privacy warning, retention notice, or guidance on handling sensitive content, users may unknowingly expose personal data in generated artifacts or on shared systems.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code transmits the full JD and resume-derived prompt to an external LLM API without warning the user that sensitive personal data may leave the local environment. In this skill context, that is especially dangerous because resumes often include PII and confidential employment details, and users may reasonably assume a local analysis workflow.

Ssd 1

Medium
Confidence
95% confidence
Finding
Untrusted JD and resume text is inserted directly into the user prompt with no defensive instruction such as telling the model to treat document contents as data rather than commands. Because resumes or job descriptions can contain adversarial natural-language content, an attacker could manipulate the model into ignoring the requested structure, leaking hidden instructions, or generating unsafe/irrelevant output.

VirusTotal

66/66 vendors flagged this skill as clean.
