ClawHub

Job Search Tailor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it searches jobs, tailors resumes, and stores job-search state locally, but users should understand that resume-derived files persist on disk.

Install only if you are comfortable providing resume content and having tailored resume files, config, and seen-job history stored locally under ~/.job-search. Review or delete that directory when you no longer need the skill, and keep Google Docs disabled unless a future version clearly implements and explains credential handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to execute local Python scripts and read/write files under the user's home directory, but it declares no permissions or user-facing notice about these capabilities. This is dangerous because the skill handles sensitive resume content and persistent job-tracking state, so hidden shell and filesystem access can expose or modify personal data without informed consent or appropriate sandboxing.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Broad trigger phrases like 'job search' and 'find me jobs' can cause the skill to activate on ordinary conversation and begin collecting resume data, reading local files, or writing persistent artifacts unexpectedly. In this skill, accidental activation is more dangerous because the workflow includes sensitive personal data handling and local persistence in the user's home directory.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requests highly sensitive resume text and then stores tailored resumes and tracking data on local disk, but the description does not clearly disclose this retention behavior up front. This can lead users to reveal personal employment history, education, contact details, or other PII without understanding that it will persist in plaintext files under their home directory.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide explicitly describes automatically creating a new archetype file and updating config.json when no match is found, but it does not mention any user confirmation, review step, or bounds on where files may be written. In a skill that processes untrusted job descriptions and personal resume data, silent local file modification can lead to unexpected persistence, accidental overwrite/sprawl, and storage of sensitive tailored resume content without the user's informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script prints the entire configuration JSON to stdout, and this config likely contains sensitive personal data for a job-search skill such as resume content, target roles, locations, delivery preferences, or API/session-related settings. In agent or automation environments, stdout is often captured in logs, surfaced to other tools, or exposed to users, so dumping full config contents can unintentionally leak sensitive information.

Session Persistence

Medium
Category
Rogue Agent
Content
For each result URL, `web_fetch` the full page to extract:
- Job title, company, location, salary (if shown), full job description

### A3. Create archetypes

Analyze the user's resume text alongside 3–5 of the fetched job descriptions.
Identify 3–5 natural clusters of role types that appear in the JDs and align with
Confidence
80% confidence
Finding
Create archetypes Analyze the user's resume text alongside 3–5 of the fetched job descriptions. Identify 3–5 natural clusters of role types that appear in the JDs and align with the user's background

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal