ClawHub

Job Hunter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed job-alert bot that scrapes LinkedIn, stores job matches locally, and sends Telegram notifications, but users should protect the bot token and personal profile data.

Before installing, review the scripts, keep config.json and jobs.db out of version control, restrict file permissions, and consider using environment variables or a secret manager for the Telegram token. Provide only profile fields needed for matching unless you extend CV generation yourself. The bot and cron job will continue contacting LinkedIn and Telegram until stopped, and LinkedIn scraping may be brittle or conflict with service terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill clearly instructs the user to deploy a LinkedIn scraper, Telegram bot, and scheduled network-based automation, yet it has no declared permissions or explicit warning about its network activity. That mismatch reduces transparency and can cause the agent to invoke external communications unexpectedly, which is especially risky because the workflow also handles personal data and bot credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill description overclaims capabilities such as tailored CV generation, deployment, and automated apply behavior that are not actually implemented in the described artifacts. This can mislead users into trusting the system with sensitive career data or assuming actions were completed when they were not, creating operational and privacy risk.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The trigger phrases are broad enough to activate on ordinary job-seeking requests, which may cause the skill to steer general career conversations into scraping, credential collection, and automation setup. In this context, over-triggering increases the chance of unnecessary collection of personal information and accidental deployment of networked tooling.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill instructs collection and storage of highly sensitive personal data and secrets, including name, email, phone, work history, education, LinkedIn URL, Telegram bot token, and user IDs, in a local config file without any explicit warning, minimization guidance, or protection requirements. This creates a significant risk of credential compromise, privacy exposure, and unauthorized bot use if the file, logs, or host are accessed.

Session Persistence

Medium
Category
Rogue Agent
Content
### 7. Start the Bot

```bash
nohup python3 -u bot.py > bot.log 2>&1 &
```

### 8. Set Up Daily Search (Cron)
Confidence
78% confidence
Finding
nohup

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal