ClawHub

Auto Job Applying Agent

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but it needs review because it can submit real job applications with personal data and contains a misleading browser-automation disclosure.

Review before installing. Keep AUTO_APPLY_MODE=false, approve only specific jobs, use a dedicated revocable Resumex API key, avoid Telegram delivery unless needed, and install dependencies in a virtual environment. Be aware that submitted applications and tracker logs may be difficult or impossible to undo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The privacy notice says no outbound calls are made other than Resumex and optional Telegram, yet the documented auto-apply flow explicitly submits resume data to third-party job portals through browser automation. This is dangerous because users may consent under a materially false understanding of where their personal data will be transmitted.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The docstring explicitly claims the browser is transparent and detectable, but the implementation later launches Chromium with `--disable-blink-features=AutomationControlled`, which suppresses a common automation signal. In a job-application automation skill handling sensitive personal data, this mismatch is security-relevant because it misrepresents actual bot-evasion behavior to users and reviewers, undermining informed consent and trust assumptions.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The inline comment states there is no stealth or bot-detection evasion, yet the launch arguments include `--disable-blink-features=AutomationControlled`, an anti-detection measure. This is dangerous because the skill automates submissions to third-party job portals while presenting itself as honest and non-evasive, creating deceptive behavior that may violate platform expectations and expose users to account or application risks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits resume contents, which commonly include sensitive personal data such as name, email, phone, location, employment history, and education, to Telegram once bot credentials are present. Although this appears to be the feature's intended behavior, there is no explicit consent checkpoint or warning at send time, which increases the risk of accidental disclosure to a wrong chat, compromised bot, or unintended third-party platform.

Unpinned Dependencies

Low
Category
Supply Chain
Content
#
# Approx. disk usage after install: Playwright package ~10MB, Chromium binary ~300MB.

playwright>=1.42.0
requests>=2.31.0
Confidence
95% confidence
Finding
playwright>=1.42.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Approx. disk usage after install: Playwright package ~10MB, Chromium binary ~300MB.

playwright>=1.42.0
requests>=2.31.0
Confidence
98% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
91% confidence
Finding
requests

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal