HR Candidate Discovery Screening

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill is mostly transparent and approval-gated, but it needs Review because it hard-codes mainland-China candidate eligibility and sends sensitive HR, paper, job, and email-thread data to DeepSeek.

Install only if your organization has approved this exact geography-based recruiting scope and has a lawful basis for using mainland-China affiliation in candidate discovery and outreach. Confirm DeepSeek may receive publication metadata, job descriptions, and complete recruitment email threads, and use it only with human approval, configured retention, and an approved mailbox account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to use shell commands, read and write local files, access environment variables, use a networked model API, and operate email tooling, yet it declares no explicit permissions. That mismatch undermines sandboxing and user understanding, and in an HR workflow it exposes sensitive candidate data, mailbox actions, and API secrets to capability overreach if the platform grants tools implicitly.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is scoped specifically to 'China-mainland AI recruitment candidates' without user opt-in or a documented lawful/business justification in the file. Geography-based targeting in hiring can create discriminatory screening behavior and legal/compliance risk, especially because the rest of the workflow automates collection, matching, and outreach around that restricted population.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends paper titles and abstracts to an external DeepSeek keyword-generation service, which is a third-party data transfer. In an HR candidate discovery and screening context, publication metadata can be used to profile individuals and may constitute personal or sensitive professional information, so undisclosed external transmission creates privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code sends full paper content and job data to an external matching client via `client.match_paper(...)` without any visible consent, minimization, or policy enforcement at this call site. In an HR screening context, research papers and job criteria can contain personal data, inferred candidate profiling signals, or confidential recruiting strategy, so transmitting them to a third-party model service creates a meaningful privacy and data-governance risk.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The code explicitly blocks outreach unless a candidate has a verified mainland-China affiliation, which is a hard-coded region-based eligibility gate rather than a user-selected or documented compliance filter. In this HR recruiting context, that creates a discriminatory targeting mechanism tied to geography/national origin and directly affects who can be contacted, making the skill more dangerous because the skill is specifically designed for candidate discovery and screening.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends the full inbound email thread, labeled only as 'untrusted_email_thread', to an external DeepSeek classifier. In an HR recruiting workflow, replies can contain personal data, employment details, contact information, and other sensitive applicant content; exporting the full thread to a third party without visible minimization, consent handling, or policy enforcement creates a real privacy and data-governance risk.

VirusTotal

65/65 vendors rated this skill as clean.
