tech recruiter pro

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill is mostly coherent, but it includes under-scoped cross-platform candidate profiling and explicit guidance to continue after anti-bot challenges using a proxy.

Review before installing. Use this only for lawful, job-relevant recruiting with approved data sources, official APIs where available, and clear candidate notice or opt-out where required. Do not follow the proxy/captcha workaround; treat anti-bot challenges as a stop condition. Store any exported reports or Feishu records in restricted locations, minimize collected personal data, and avoid committing API tokens or config files containing secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document makes an absolute security claim that the skill will not send data to unauthorized third parties, while elsewhere it explicitly introduces integrations with external services such as GitHub, LinkedIn, Twitter/X, and Feishu. This inconsistency can mislead users and reviewers about actual data flows, causing them to underestimate privacy and compliance risk when candidate data may be transmitted off-host under some configurations.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file asserts the skill will not violate robots.txt, yet elsewhere describes HTML parsing, CSS selectors, and scraping-style collection on platforms that may lack official APIs or prohibit automated access. Such overbroad assurances can encourage unsafe deployment and obscure legal/compliance exposure, especially if operators assume the implementation already enforces per-site restrictions when it does not.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The skill explicitly instructs users to "pause 5 minutes, use proxy IP" when Google Scholar presents a captcha, which is anti-abuse evasion guidance. That directly contradicts the later security declaration that the skill will not bypass platform authentication or platform protections, and it can facilitate scraping in ways that violate site terms or trigger account/IP enforcement.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill claims it will not violate robots.txt or bypass protections, but its documented scraping workflow includes behavior intended to continue collection after anti-bot challenges. This inconsistency is dangerous because users may rely on the safety declaration while following instructions that encourage non-compliant scraping and evasion of platform safeguards.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The release notes advertise cross-platform candidate search, profile analysis, and personalized outreach, but provide no warning about privacy, consent, scraping restrictions, or responsible use of personal data. In a recruiting context, this omission can normalize collecting and using candidate information from multiple external services without clear safeguards, increasing the risk of privacy violations, policy breaches, and harmful unsolicited outreach.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The configuration section lists several API tokens but does not instruct users to store them securely or avoid hardcoding and sharing them. This can lead to credential leakage in source control, logs, or documentation, enabling unauthorized access to third-party accounts and APIs.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This preview describes cross-platform candidate sourcing, profiling, scoring, and automated outreach using public data, but it does not present a concrete in-product consent, disclosure, retention, or lawful-basis workflow. Even if the data is public, aggregating it across platforms and using it for recruiting decisions can create privacy, compliance, and fairness risks, especially when exported or used for automated follow-up.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide encourages exporting candidate lists and recruitment reports, which likely contain personal data, but gives no guidance on consent, access control, retention, or secure handling. In a recruiting context this increases the risk of unauthorized disclosure, over-sharing, or noncompliant processing of candidate information.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The workflow describes analyzing named candidates, reviewing publication and GitHub profiles, and generating personalized outreach without any notice that personal profile data will be processed. In a recruiting skill, this omission is material because users may input or aggregate personal data from multiple sources without understanding privacy expectations, lawful basis, or minimization requirements.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section explicitly describes building a unified candidate profile by aggregating personal and professional data from multiple platforms, but provides no guidance on consent, lawful basis, data minimization, retention, or access controls. In a recruiting skill, this increases the risk of privacy-invasive profiling, noncompliant processing of personal data, and downstream misuse of sensitive inferences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples show searching for named individuals, usernames, and employer affiliation across multiple services for recruiting evaluation without any privacy warning or anti-doxxing safeguards. That makes the workflow more dangerous because it normalizes targeted profiling of identifiable people and could facilitate intrusive vetting or collection of excessive personal data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide explicitly encourages building a unified candidate profile by aggregating data from multiple platforms, including professional, academic, and community sources, but provides no privacy, consent, retention, or lawful-basis guidance. In a recruiting context, this can enable excessive profiling, collection of sensitive personal data, and misuse of cross-platform identity correlation, creating compliance and privacy risk even if no exploit code is present.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API configuration examples include environment variables for secrets and bot tokens but do not warn about secure secret handling, least privilege, rotation, or avoiding commits/logging. This omission can lead users to expose credentials in shell history, screenshots, repositories, CI logs, or shared environments, which may allow unauthorized access to third-party accounts and data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide explicitly shows storing a live Twitter Bearer Token in config.ini, which encourages placing long-lived credentials in a file that may be committed to source control, copied into logs, or exposed through backups and screenshots. In this context, the skill is an operational guide for API usage, so the example is more dangerous because readers are likely to follow it verbatim and handle real credentials insecurely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The report export writes recruiter-collected personal data, including names, employer, position, research areas, citation metrics, and profile links, to a local markdown file without consent controls, minimization, access restrictions, or even an explicit warning. In a recruiting context this is sensitive professional profiling data, and silent disk persistence increases the chance of unintended disclosure through shared workspaces, backups, or temporary directories.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The example trigger '搜索 RLHF 方向候选人,目标公司 Moonshot/DeepSeek/DeepMind' is broad enough that ordinary recruiting requests could invoke this skill without clearly signaling that it will perform multi-platform people search and candidate profiling. In a skill that aggregates data from GitHub, Google Scholar, social platforms, and pipeline tooling, ambiguous activation increases the chance of unintended collection and processing of personal data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The manifest advertises candidate search, smart profile analysis, personalized email generation, and pipeline management, but the top-level description does not present a clear privacy notice or consent/data-handling warning to the user. Because the skill is explicitly designed to collect, correlate, and operationalize information about identifiable individuals across multiple platforms, insufficient disclosure raises privacy, compliance, and misuse risks.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
beautifulsoup4>=4.11.0
lxml>=4.9.0
Confidence
87% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
beautifulsoup4>=4.11.0
lxml>=4.9.0

# Optional dependencies
Confidence
87% confidence
Finding
beautifulsoup4>=4.11.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
beautifulsoup4>=4.11.0
lxml>=4.9.0

# Optional dependencies
# github-api  # For enhanced GitHub search
Confidence
90% confidence
Finding
lxml>=4.9.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
requests

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
92% confidence
Finding
lxml

VirusTotal

65/65 vendors flagged this skill as clean.
