UP 简历求职助手

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate job-search and resume assistant, but it needs review because it can set up persistent local automation and handles sensitive resume data without strong consent and privacy boundaries.

Install only if you trust the UPCV MCP server and are comfortable giving it API-key access to resume and job-search data. Before enabling monitoring, review the generated script and scheduled task, approve the exact files and commands, and remove only this skill's cron or launchd entry when disabling it. Avoid storing ID numbers, photos, secrets, or filled application values in ATS records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The documented workflow instructs the agent to create a local shell script and install persistent scheduled execution on the user's machine. Even if intended for convenience, this crosses from informational job assistance into system modification and persistence, which increases abuse potential and can cause unauthorized recurring actions if triggered without explicit, informed consent.

Context-Inappropriate Capability

Medium (89% confidence)
Finding
The skill includes launchd and cron configuration, which are OS-level persistence mechanisms. For a resume/job-search assistant, this capability is unusually powerful and broadens the trust boundary from data retrieval to modifying host automation settings, making accidental or deceptive persistence more dangerous.

Vague Triggers

Medium (90% confidence)
Finding
The trigger phrases include broad, everyday job-seeking language such as '找工作' and similar terms that users may say in normal conversation without intending to invoke this skill. In an agent environment, this can cause unintended activation and lead to resume access, job-search actions, or downstream MCP-connected operations being initiated in the wrong context.

Missing User Warnings

Medium (92% confidence)
Finding
The README states that operations sync data in real time with the UP 简历 web platform and also advertises daily monitoring, but it does not clearly warn users about what personal data is transmitted, stored, or processed across systems. Because this skill handles highly sensitive employment data such as resumes, preferences, and job-tracking activity, missing privacy/transparency disclosures increase the risk of unintended data exposure and uninformed consent.

Vague Triggers

Medium (92% confidence)
Finding
The skill metadata advertises broad trigger phrases such as '找工作' and '投递', which are common conversational terms and can cause the skill to activate when the user did not intend to invoke it. In this skill, unintended activation is more dangerous than usual because the skill can access resume data, search jobs, and lead into file-writing or scheduling workflows.

Vague Triggers

Medium (94% confidence)
Finding
The trigger table lists multiple ambiguous phrases like '新建简历', '找工作', and '每日推荐' without clear disambiguation or invocation requirements. Because the skill supports persistent actions and sensitive-data workflows, accidental activation could expose personal data or start actions the user did not explicitly request.

Missing User Warnings

Medium (95% confidence)
Finding
The job-monitoring section instructs creation of a local script and launchd/cron scheduled task and writes reports under the user's home directory, but the skill description does not clearly warn about these side effects. Hidden persistence and filesystem writes are security-relevant because they can surprise users, consume resources, and create ongoing data collection without informed consent.

Missing User Warnings

Medium (93% confidence)
Finding
The skill proposes extracting resume-derived structured data and storing ATS form structures in a local directory, but it does not present a clear privacy notice or data-handling warning. In context, this is sensitive employment and personal information, so silent retention increases the risk of unintended disclosure, overcollection, or later misuse.

Missing User Warnings

Medium (92% confidence)
Finding
The skill instructs the agent to store ATS form structure and company-specific application experience in memory files for reuse, but it does not require clear user consent, retention limits, or data-minimization rules. In a job-application context, this can lead to persistent storage of sensitive application metadata and accidental retention of personal or company-specific details beyond the user's expectations.

Vague Triggers

Medium (82% confidence)
Finding
The trigger list includes broad natural-language phrases such as "找工作", which can match many general employment-related requests and cause this skill to activate when a more appropriate skill should handle the task. In a multi-skill agent, over-broad routing can expose users to unintended tool use, wrong workflow transitions, and confusion about what data is being queried or shared.

Vague Triggers

Medium (81% confidence)
Finding
The trigger phrases are broad enough to match ordinary conversation such as asking for recommendations or reminders, which could invoke a skill that proposes local automation and persistence. Overbroad activation increases the chance of the skill being used in contexts where the user did not intend system-level setup.

Missing User Warnings

Medium (94% confidence)
Finding
The skill description and workflow do not prominently warn users that setup will create a shell script, write files under the home directory, and register a scheduled task. This lack of transparency undermines informed consent and makes persistence-related behavior more risky than the user would reasonably expect from the description alone.

Vague Triggers

Medium (91% confidence)
Finding
The trigger phrases include broad everyday expressions such as “找工作” and “社招”, which can cause the skill to activate in contexts where the user did not intend to invoke this specific tool. In an agent environment, over-broad routing can expose user queries to external MCP tools unexpectedly, causing unintended data sharing or incorrect workflow execution.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly instructs collection of sensitive personal data including name, phone number, email, city, and personal website, but does not clearly warn the user that this data will be transmitted to external MCP tools/services. In a resume workflow this increases privacy risk because users may disclose personally identifiable information without informed consent or understanding where it is stored and processed.

Vague Triggers

Medium (84% confidence)
Finding
The trigger phrases are broad enough to catch many generic resume-related requests, which can cause the skill to activate outside its intended scope. In an agent ecosystem, over-broad routing can expose resume data or invoke edit/export/delete-capable tools when the user only asked for advice, increasing the risk of unintended actions or privacy-impacting operations.

VirusTotal

66/66 vendors flagged this skill as clean.
