AI Interview Simulator

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented Candaigo interview-simulator API guide; it sends resumes and interview data to Candaigo when used, but that behavior is disclosed and matches its purpose.

Install only if you trust Candaigo with interview content and resumes. Use a dedicated API key, do not expose it in shared chats or public code, and explicitly approve resume uploads, room starts, speech sends, and interview-advance actions. Redact unnecessary personal information from resumes before upload and check Candaigo's privacy and retention terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents uploading resumes, which commonly contain highly sensitive personal data, to a third-party remote service without any explicit privacy, retention, consent, or handling warning. This creates a real privacy/security risk because users or downstream agents may transmit PII without understanding that the content leaves the local environment and may be stored or processed remotely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal