ClawHub

Bullhorn

Security checks across malware telemetry and agentic risk

Overview

This Bullhorn CRM/ATS skill is legitimate in purpose, but it gives agents broad power over sensitive recruiting and business records without enough built-in scoping or confirmation guidance.

Install only if you trust Membrane and intend to delegate Bullhorn access to an agent. Use a least-privileged Bullhorn account, prefer listed Membrane actions over raw proxy requests, and require the agent to show the exact record, endpoint, method, and payload before any create, update, delete, upload, download, bulk, financial, HR, or document-related action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly exposes create, update, delete, upload, and raw proxy request capabilities without any caution about destructive side effects, confirmation requirements, or guardrails. In an agent setting, this can lead to unintended modification, deletion, or exfiltration of Bullhorn CRM/ATS data if the agent interprets a vague request too aggressively or uses the proxy path for high-impact operations.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The description says to use the skill whenever the user wants to interact with Bullhorn data, which is broad enough to trigger the skill for many loosely related requests. Overbroad activation increases the chance an agent will invoke powerful Bullhorn capabilities unnecessarily, exposing sensitive recruiting/HR data or performing actions in the wrong context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal