Recruiter Assistant

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill mostly matches its stated purpose, but it needs Review because it can expose sensitive candidate data through public document sharing and uses unsafe shell-based file processing.

Install only after reviewing the data-handling risk. Use it with trusted local files, avoid untrusted filenames, sandbox PDF conversion, and do not allow public Feishu links or HR messages unless a recruiter explicitly approves exactly what candidate data will be shared and with whom.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill metadata and documented behavior do not align: the file presents a resume-screening and salary-benchmarking assistant, but the described workflow also includes interview-question generation, interview summarization, external HR messaging, and references to document creation/sharing and file processing not reflected in the declared scope. This is dangerous because hidden or under-disclosed capabilities can cause unintended data handling and exfiltration of sensitive candidate information, especially in a recruitment context involving resumes, interview notes, and salary expectations.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script invokes local shell commands on files derived from external workflow input, which expands the attack surface beyond ordinary resume evaluation. Even though file paths are quoted, using shell execution for document conversion and downstream processing increases risk from unsafe filenames, malicious files, environment manipulation, or abuse of privileged local tooling if this skill runs in an automation environment.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script instructs the agent to create a Feishu document containing candidate evaluation data, which expands behavior beyond local resume screening into external publication and document management. In a recruitment context, this creates unnecessary data handling and increases the attack/privacy surface because candidate information may be transmitted to third-party systems without clear consent or necessity.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Directing the agent to publish the final report as a public Feishu document link is a serious data exposure risk because resumes and candidate assessments often contain personal and sensitive employment information. The recruitment-assistant context makes this more dangerous, not less, because the processed content is inherently privacy-sensitive and public sharing is not required for core screening functionality.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script converts PDFs into plaintext files under `/tmp`, which can expose sensitive resume data on a shared system through predictable temporary-file handling, residual files after failures, or weaker filesystem hygiene. Because resumes often contain PII, employment history, contact details, and compensation data, this creates a meaningful confidentiality risk even if the behavior is not overtly malicious.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints screening output to stdout immediately after labeling the file for the agent, and that output is likely to contain extracted resume contents or detailed candidate data. In a recruitment context this is especially sensitive because resumes contain PII and professional history, and stdout may be captured by logs, terminals, CI systems, or orchestration layers, causing broad unintended disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Resume contents are sensitive personal data, and this script reads and forwards that data for additional processing without any visible consent, disclosure, retention controls, or minimization. In a recruitment context this is more dangerous because resumes routinely contain names, contact details, employment history, and other regulated personal information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Printing the full resume content to stdout can expose personally identifiable information in terminal history, logs, CI output, or monitoring systems. Because resumes routinely include names, contact details, employment history, and sometimes IDs or education records, this is an avoidable confidentiality issue in a hiring workflow.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instruction to create a public Feishu document from candidate data sends sensitive information to an external service and exposes it via a shareable link without any disclosure, warning, or consent step. In a recruiting skill, this is especially dangerous because candidate resumes and evaluations are confidential HR data and may be subject to legal and contractual privacy obligations.

VirusTotal

66/66 vendors flagged this skill as clean.
