Recruitee

Security checks across malware telemetry and agentic risk

Overview

This Recruitee skill is not overtly malicious, but it gives broad authenticated access to sensitive hiring data, with delete and raw API capabilities that exceed the scope of its stated description.

Install only if you intend to let an agent access and potentially change Recruitee hiring records. Require explicit approval before any write, delete, or proxy request; ask the agent to show exact resource IDs and a short action summary first; prefer named Membrane actions over raw proxy calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The manifest states the skill is for managing companies, but the body exposes much broader ATS functionality including candidates, offers, departments, admins, and direct API access. This scope mismatch can mislead downstream agents or users into granting trust or permissions under a narrower description than the skill actually enables.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The generic proxy request feature allows arbitrary authenticated calls to the Recruitee API, bypassing the narrower action catalog and effectively expanding the skill to full API access. In an agent setting, this materially increases the chance of overbroad data access or unintended mutation beyond the stated use case.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises destructive operations like delete-candidate, delete-offer, and delete-interview-event without any guidance for confirmation, authorization checks, or safe handling. In agentic workflows, omission of confirmation requirements increases the risk of accidental or overly autonomous destructive actions against production hiring data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The proxy request section describes arbitrary HTTP methods including POST, PUT, PATCH, and DELETE but provides no warning that these can directly modify or remove live ATS data. Because proxy calls bypass curated action semantics, they raise the chance of unsafe writes, broad endpoint access, and accidental destructive requests.

VirusTotal

65/65 vendors flagged this skill as clean.
