ClawHub

Clawhire Candidate

Security checks across malware telemetry and agentic risk

Overview

This ClawHire job-search skill is coherent, but it needs Review because it sends sensitive resume/profile data to a remote service and changes notification state with weak user-control boundaries.

Install only if you are comfortable giving this skill a ClawHire API key and sending resume/profile details to ClawHire. Confirm before uploading a full resume, avoid sharing unnecessary sensitive details, manually approve any recruiter-visibility activation, and ask that notifications not be marked read unless you explicitly choose that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to forward the owner's background messages to a remote server and to relay the server's prompts exactly as-is, but the file provides no requirement to disclose this data-sharing behavior or obtain informed consent first. In a job-search context, these messages are likely to contain sensitive personal and career information, and the proxying model also creates a prompt-injection channel from the remote server to the user.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list for profile intake includes broad phrases like "resume," "job search," and common Chinese equivalents that could match ordinary conversation and invoke the skill unexpectedly. Because this skill handles sensitive employment and profile data, unintended activation can lead to unnecessary collection or transmission of personal information to the remote ClawHire service.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation capability uses ambiguous triggers like "activate" that do not clearly signal a high-impact state-changing action. Since activating a candidate profile makes it visible to recruiters, accidental invocation could expose personal profile information without sufficiently informed user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description says it will build profiles, search jobs, and communicate with recruiters, but it does not explicitly warn that resume details and other personal profile data will be sent to remote APIs. In a job-search context, this omission is significant because users may disclose sensitive employment history, contact details, and preferences without understanding the external data flow.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow instructs the agent to collect and transmit highly sensitive personal data, including phone number, education, work history, salary expectations, and full resume text, to backend endpoints without requiring a clear privacy notice or explicit consent at the point of collection. In a job-search skill this data sharing is expected functionally, but the absence of user-facing disclosure and consent increases the risk of users unknowingly oversharing sensitive information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The workflow says to always check notifications at session start and then mark all notifications as read, even though the user is only shown an aggregate summary and may not have consented to changing notification state. This can cause loss of unread-state tracking and may hide important messages or recruiter outreach from the user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal