AI Job Hunter

Security checks across malware telemetry and agentic risk

Overview

This is a simple job-board search skill with expected network use and no evidence of hidden data access or unsafe behavior, though its documentation promises more features than the code implements.

Safe to install as a basic RemoteOK keyword search helper. Be aware that advertised cover letters, daily digests, salary filtering, and multiple job-board support are not implemented in the included script, and avoid putting sensitive details in USER.md unless you are comfortable with job-matching features using that profile data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill explicitly instructs the user to set their profile in `~/.openclaw/workspace/USER.md` for better matching, but the description does not clearly warn that the skill accesses personal profile data. This creates a transparency and consent issue: users may provide or expose sensitive personal information without understanding it will be read and used by the skill.

VirusTotal

VirusTotal findings are pending for this skill version.