JD智能解读

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly purpose-aligned, but it needs Review because it can turn untrusted job-description content into a local interactive HTML report without escaping it.

Install only if you are comfortable with it creating local JD analysis files and opening generated HTML from sources you trust. Avoid using it on job pages or pasted JD text from untrusted sources until the report generator escapes or sanitizes all fields and ideally disables inline script execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The report generator interpolates untrusted JSON fields directly into HTML text, attributes, inline styles, SVG text, and event-adjacent DOM without any output encoding. Because the skill ingests arbitrary JD content from pasted text, uploads, or URLs, an attacker can place HTML or JavaScript payloads in the source data and produce a report that executes script when opened, resulting in stored/client-side XSS.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list includes broad, natural-language phrases such as '这个岗位要什么', '帮我分析这个职位', and generic English variants, which can cause the skill to activate in situations where the user did not explicitly intend to invoke it. Over-broad invocation can lead to unintended web fetching, file processing, or report generation on user-provided content, increasing the attack surface and causing confusing or privacy-impacting behavior.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The schema reference explicitly instructs the model to generate report content in Chinese without presenting a user-selectable language option. This can override or conflict with a user's language preference, causing unwanted disclosure, exclusion, or unsafe misunderstanding in multilingual contexts, especially when the skill ingests arbitrary external JD content and may be used by non-Chinese-speaking users.

Missing User Warnings

Medium
Confidence: 97%
Finding
This file writes a local HTML report containing raw, unescaped input-derived content with no warning to the user that opening the file may execute attacker-controlled markup or script. In this skill’s context, the source content may come from arbitrary job descriptions or remote URLs, so the generated report becomes a persistence mechanism for malicious payloads that fire later in the browser.

VirusTotal

63/63 vendors flagged this skill as clean.
