RoboHire

Security checks across malware telemetry and agentic risk

Overview

This is a text-only RoboHire product reference skill; it is coherent and non-executable, but its hiring workflows involve sensitive candidate data.

Safe to install as a reference skill, but before using RoboHire for real candidates, review its privacy, consent, retention, human-review, bias, recording, and employment-law practices for resumes, interviews, AI scoring, and cheating detection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill encourages uploading resumes, ranking candidates, sending interview outreach, and using interview analysis, all of which involve sensitive personal data and potentially regulated employment information. Presenting these workflows without any privacy, consent, retention, or lawful-use warning can lead users to process candidate data in ways that violate internal policy or privacy/employment laws.

Missing User Warnings

High

Confidence: 95% confidence
Finding: AI video interviewing with real-time analysis and cheating detection is a high-sensitivity activity because it may involve recording biometrics, voice, behavior, and inferred characteristics. Omitting any notice about consent, jurisdiction-specific recording laws, automated decision-making restrictions, or candidate disclosure materially increases the risk of unlawful surveillance and discriminatory hiring practices.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal