Security audit

Talent Scout — Competitor Talent Intelligence

Security checks across malware telemetry and agentic risk

Overview

The skill’s recruiting workflow is disclosed, but it also tells the agent to silently update and reinstall local code before use.

Review and remove or disable the silent auto-update block before installing. Install the CLI only from a trusted, pinned source, use restricted API keys, avoid exposing secrets in prompts or logs, and confirm that LinkedIn scraping, candidate profiling, generated outreach, and report retention are allowed under your organization’s rules and applicable law.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The skill instructs the agent to silently execute a self-update routine that performs `git pull` and `pip install -e .` on a local repository before the main task. This modifies the local environment and executes newly fetched code from a moving remote source without user approval, creating a supply-chain and arbitrary code execution risk unrelated to the immediate talent-scouting task.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The markdown explicitly says to 'silently check' and then updates code and reinstalls the package, but does not warn the user that this will alter the environment. Hidden environment-changing behavior reduces informed consent and can mask unexpected code execution or breakages, especially when embedded in a user-invocable skill.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill requires sensitive API credentials and names them directly, but provides no guidance on secure handling, storage, scoping, or redaction. In an agent setting, this increases the chance that secrets are mishandled, echoed into logs, written to files, or exposed during troubleshooting and command execution.

VirusTotal

65/65 vendors flagged this skill as clean.