Automate Job Application

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate job-application purpose, but it needs review because it can access resume data, store sensitive answers locally, and submit applications under broad activation rules.

Install only if you are comfortable giving the skill access to your ResumeX resume and letting it automate applications after approval. Review saved preferences regularly, avoid storing optional demographic or legal-status answers unless needed, restrict or delete data/user_preferences.json, and verify each application and screening answer before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Context-Inappropriate Capability

Medium severity, 94% confidence
Finding
This guidance tells the agent to persist newly collected answers for reuse, including sensitive diversity and compliance fields such as gender, ethnicity, disability, and veteran status. In a job-application automation skill that aggregates resume data and autofills forms, storing these special-category attributes without explicit, granular user consent and retention limits creates privacy and misuse risk beyond the immediate task.

Intent-Code Divergence

Medium severity, 91% confidence
Finding
The document says not to assume answers for sensitive salary fields, yet earlier instructions allow auto-filling salary from saved preferences. In a job-application automation skill, inconsistent handling of compensation data can cause inaccurate submissions, unwanted disclosure of salary expectations, and materially harm the user's job prospects.

Intent-Code Divergence

Medium severity, 96% confidence
Finding
The guidance derives or defaults visa and work-authorization answers while later stating not to assume answers for sensitive visa fields. In job applications, misrepresenting sponsorship or work authorization can lead to false statements on official forms, automatic rejection, or serious consequences for the user.

Vague Triggers

Medium severity, 96% confidence
Finding
The README explicitly states the skill activates automatically on broad phrases like 'apply to jobs', 'job search', and 'find jobs for me', which are common intents that may appear in exploratory or advisory conversations. In the context of a skill that can fetch resume data, search external sites, and eventually automate applications, over-broad activation increases the risk of unintended invocation, premature data access, and confusing or manipulative user experience even if a later approval gate exists.

Vague Triggers

High severity, 95% confidence
Finding
The invocation text is so broad that ordinary queries like 'job search' or 'find jobs for me' could trigger a workflow that fetches full resume data, searches third-party sites, stores answers, and prepares for browser automation. Over-broad triggering increases the chance of accidental activation of a high-impact automation skill without informed user intent for data transfer or application submission.

Natural-Language Policy Violations

Medium severity, 93% confidence
Finding
The instructions explicitly force use of this skill whenever broad job-hunting phrases appear, even if the user did not mention ResumeX or request automation. In context, this is dangerous because the skill handles sensitive resume data, stores personal answers, and can ultimately submit applications, so forced invocation undermines meaningful consent and intent verification.

Missing User Warnings

Medium severity, 90% confidence
Finding
The document frames automatic form filling as part of the workflow but does not warn that personal and potentially sensitive application data may be collected, reused, and persisted. In this skill's context, which pulls a full resume, derives additional attributes, and automates submissions, the lack of clear privacy notice and consent increases the chance of users unknowingly authorizing broad handling of personal data.

Missing User Warnings

Medium severity, 96% confidence
Finding
The instructions tell the agent to save user answers into `user_preferences.json` for future reuse without warning the user that responses may be stored persistently. Because this skill handles job-application data that can include salary, visa status, work authorization, and diversity information, silent persistence materially increases privacy risk and potential unauthorized reuse.

Missing User Warnings

Medium severity, 95% confidence
Finding
The file explicitly positions job-board references and browser automation tips as inputs for constructing searches and automating form filling, but it does not require an explicit per-application consent checkpoint or warn that resumes, contact details, and other personal data will be transmitted to third-party sites. In a skill designed to fetch full resume data and submit applications, this omission materially increases the risk of unintended disclosure and submission of sensitive personal information.

Missing User Warnings

Medium severity, 97% confidence
Finding
The heuristics classify many third-party and company ATS endpoints as 'auto-apply' and instruct the agent to fill forms, including external career pages, Greenhouse, Lever, and other company domains, without a built-in requirement for human review before submission. Because these sites collect resumes, phone numbers, email addresses, employment history, and potentially additional sensitive answers, automatic submission can leak personal data broadly and submit inaccurate or unwanted applications at scale.

Missing User Warnings

Medium severity, 94% confidence
Finding
The skill persistently stores screening-question answers for future reuse, but the file gives no upfront privacy warning even though those answers may include sensitive employment, demographic, legal-status, and compensation data. Persistent storage increases privacy risk because the agent can silently accumulate and reuse personal information across applications without sufficiently informed consent.

Missing User Warnings

Medium severity, 95% confidence
Finding
The guidance defaults or derives answers for sensitive screening questions such as work authorization, sponsorship, age, background checks, and drug screening without a strong warning that incorrect autofill could affect applications. In an auto-apply skill, this is especially dangerous because errors can be propagated at scale across many employers before the user notices.
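The findings on salary, visa and work-authorization handling and on auto-apply classification all come down to one control: a submission must never proceed because a host looked like a known ATS, and a sensitive screening answer must come from the user in the current session rather than from a saved preference, a default, or a value derived from the resume. The following Python is an added example of such a gate, not code from the skill; the field names, the provenance labels and the `Application` structure are assumptions, and only Greenhouse and Lever (named in the finding above) are listed as known ATS hosts.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Screening fields whose answers must be confirmed by the user every time.
# Assumed names; the skill's real field names are not shown on this page.
CONFIRM_EVERY_TIME = frozenset({
    "work_authorization", "sponsorship_required", "visa_status",
    "salary_expectation", "age_over_18", "background_check_consent",
    "drug_screen_consent",
})

# ATS hosts the scan says the skill treats as auto-apply. Recognising a host
# helps with routing, but it is never the reason a submission proceeds.
KNOWN_ATS_SUFFIXES = ("greenhouse.io", "lever.co")


@dataclass
class Answer:
    value: str
    provenance: str  # "user" (given now), "saved", "derived" or "default"


@dataclass
class Application:
    app_id: str
    url: str
    answers: dict = field(default_factory=dict)


def classify_host(url):
    """Label the target host; informational only, never an approval."""
    host = (urlparse(url).hostname or "").lower()
    if any(host == s or host.endswith("." + s) for s in KNOWN_ATS_SUFFIXES):
        return "known_ats"
    return "unknown"


def submission_blockers(app, approvals):
    """Return the reasons this application may not be submitted yet.
    An empty list means it may proceed. `approvals` holds the app_ids the
    user approved after seeing the fully filled form for that application."""
    reasons = []
    if app.app_id not in approvals:
        reasons.append(f"no per-application approval recorded for {app.app_id}")
    for name, ans in app.answers.items():
        if name in CONFIRM_EVERY_TIME and ans.provenance != "user":
            reasons.append(f"{name} was {ans.provenance}, must be confirmed by the user")
    return reasons


if __name__ == "__main__":
    # Constructed sample application, not data from the skill.
    app = Application("job-1", "https://boards.greenhouse.io/acme/jobs/123", {
        "full_name": Answer("A. Candidate", "saved"),
        "visa_status": Answer("no sponsorship needed", "derived"),
    })
    print(classify_host(app.url), submission_blockers(app, approvals=set()))
    app.answers["visa_status"] = Answer("no sponsorship needed", "user")
    print(submission_blockers(app, approvals={"job-1"}))
```

The gate reports every blocker rather than the first one, so the agent can show the user all derived or defaulted sensitive answers for one application in a single confirmation step instead of interrupting repeatedly.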

Missing User Warnings

Medium severity, 92% confidence
Finding
The script prints a prompt containing resume-derived personal data such as name, location, summary, work history, education, and achievements directly to stdout. In an automation context, stdout is commonly captured by agent logs, orchestration systems, or shell history equivalents, which can expose sensitive personal information without an explicit consent or privacy boundary.

Missing User Warnings

Medium severity, 94% confidence
Finding
This script persists highly sensitive personal data and screening answers—such as date of birth, address, visa status, disability status, ethnicity, and veteran status—to a local JSON file in plaintext. If the local machine is shared, compromised, backed up to less secure storage, or if file permissions are overly broad, this data can be exposed and abused for identity theft, discrimination, profiling, or unauthorized job application activity. In the context of an auto-job-applier skill, the risk is elevated because the tool is explicitly designed to collect and reuse large amounts of personal and special-category employment data over time.
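The persistence findings above (silent saving of screening answers, resume data printed to stdout, plaintext JSON with possibly loose permissions) can be addressed together. The Python below is an added example of a consent-gated preference store, not the skill's own script: sensitive keys are kept only when the user consented to that specific key, the file is created owner-only (POSIX mode 0600, so the permission check assumes a POSIX filesystem), anything destined for a log goes through a redaction step, and an audit function answers the Overview's advice to review or restrict `user_preferences.json`. The key names are assumptions; the skill's real schema is not shown on this page.

```python
import json
import os
import stat
import tempfile

# Keys the scan treats as special-category, legal-status or compensation data.
# Assumed names; the skill's real user_preferences.json schema is not on this page.
SENSITIVE_KEYS = frozenset({
    "gender", "ethnicity", "disability_status", "veteran_status",
    "date_of_birth", "address", "visa_status", "work_authorization",
    "sponsorship_required", "salary_expectation",
})


def redact(answers):
    """Copy of answers that is safe to print or log: sensitive values masked."""
    return {k: ("[redacted]" if k in SENSITIVE_KEYS else v) for k, v in answers.items()}


def save_answers(path, answers, consented_sensitive=frozenset()):
    """Persist answers for reuse, keeping a sensitive key only if the user
    explicitly consented to storing that key. Returns (kept, dropped_keys)."""
    kept = {k: v for k, v in answers.items()
            if k not in SENSITIVE_KEYS or k in consented_sensitive}
    dropped = sorted(set(answers) - set(kept))
    # Create owner-read/write only; the mode on O_CREAT is subject to umask
    # and ignored for an existing file, so re-apply it after writing.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(kept, fh, indent=2)
    os.chmod(path, 0o600)
    return kept, dropped


def audit(path):
    """What a reviewer of an existing preferences file wants to know: can anyone
    but the owner read it, and which sensitive keys does it hold."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        data = json.load(fh)
    return {
        "owner_only": (mode & 0o077) == 0,
        "sensitive_keys_present": sorted(k for k in data if k in SENSITIVE_KEYS),
    }


if __name__ == "__main__":
    # Constructed sample answers, not data from the skill.
    answers = {"full_name": "A. Candidate", "years_experience": "6",
               "visa_status": "H-1B", "ethnicity": "prefer not to say"}
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "user_preferences.json")
        kept, dropped = save_answers(p, answers, consented_sensitive={"visa_status"})
        print("stored:", redact(kept), "dropped:", dropped)  # redacted view only
        print("audit:", audit(p))
```

Run `audit()` against the skill's existing `data/user_preferences.json` to see whether it is group- or world-readable and which special-category keys have already accumulated before deciding whether to restrict or delete it.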

VirusTotal

66/66 vendors flagged this skill as clean. This is a file-level malware scan of the skill's artifacts; it does not evaluate the instruction-level and data-handling risks listed in the SkillSpector findings above.