Job Watch

Security checks across malware telemetry and agentic risk

Overview

This markdown-only job-search skill is coherent and purpose-aligned, with local report writing disclosed and limited to its own workspace.

Before installing, review the profile, scoring, and platforms files and avoid putting secrets, passwords, or unnecessarily sensitive personal details in them. Expect the skill to query public job boards and save local markdown reports in its OpenClaw workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs the agent to write a report to a local path without any user confirmation or notice at execution time. While the file content appears related to the stated job-search purpose and the path is within the skill workspace, silent local writes still create a side effect the user may not expect and could overwrite or accumulate files without consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal