UP 简历 (UP Resume): let an agent write your resume and find you a job

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking resume and job-search assistant, but it handles sensitive resume data, writes that data through an external MCP server, and can optionally install a recurring local job monitor (a cron or launchd task).

Install it only if you trust UP Resume and the @upcv/mcp-server package. Keep the API key secret; review resume edits and deletions before approving them; enable the daily monitor only if you want a cron or launchd task to keep running unattended; and do not store ID numbers or filled-in application values in ATS records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (21)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to create a local shell script and register persistent scheduled tasks via launchd or cron. That crosses from informational job assistance into host modification and persistence: the task keeps running unattended, consumes external services on a schedule, and makes later behavior harder for the user to audit or stop.

Description-Behavior Mismatch

Severity: Low
Confidence: 88%
Finding
The documented implementation silently delegates the core workflow to the external `claude` CLI even though the skill presents itself as an MCP-tool-based monitor. This hidden dependency expands the trust boundary, may execute with different permissions or config than expected, and can lead to behavior users and reviewers did not consent to or accurately assess.

Intent-Code Divergence

Severity: Low
Confidence: 84%
Finding
The dependency section understates the actual implementation by listing only MCP tools while the workflow also relies on the `claude` command and OS scheduling mechanisms. Incomplete disclosure is dangerous because it prevents informed consent and obscures the real attack surface, especially where persistence and local execution are involved.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The documented trigger phrases include broad, everyday terms like '找工作' ("look for a job") and '投递' ("submit an application"), which can cause the skill to activate in situations where the user did not intend to invoke this specific integration. In a skill that can search jobs, monitor openings, and guide applications, unintended invocation increases the risk of unnecessary data access, confusing workflow changes, or accidental interaction with external systems.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README states that resume operations and web data are '实时互通' ("synchronized in real time") and later describes daily monitoring and cross-platform synchronization, but it does not clearly warn users what data is stored, shared, retained, or sent to external services. Because resumes and job application workflows involve sensitive personal information, the lack of explicit disclosure can lead users to expose PII, employment history, and preferences without informed consent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The top-level description includes broad phrases such as '找工作' ("look for a job") and '投递' ("submit an application"), which are common user intents and can cause the skill to activate in situations where the user did not explicitly request this specific integration. Overbroad activation increases the chance of unintended access to resume, job-search, or local-file workflows, especially because the skill can create files and guide persistent monitoring tasks.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The function table lists multiple generic triggers across core workflows, including resume editing, job search, monitoring, and application preparation, without disambiguation rules. In context, this is more dangerous because the skill supports sensitive actions like exporting resumes, preparing ATS data, and creating local monitoring scripts, so accidental invocation could expose or persist personal data unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill instructs the agent to save daily job-monitor reports under '~/.jobsclaw/reports/' and ATS form structures under 'ats-records/' but does not clearly warn the user that potentially sensitive job-search and application data will be written to disk. This creates privacy and retention risks, since resume-derived details, target companies, and application metadata may persist locally without informed consent or cleanup guidance.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to store and reuse ATS experience in memory files across sessions, but it does not warn users that application-form details may persist. Even if the examples emphasize reusable form structure, the workflow encourages retention of company-specific and potentially user-provided form details, creating privacy and data-minimization risks if sensitive information is captured or later exposed.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding
The trigger examples include broad phrases like "找工作" ("look for a job"), which can match many ordinary conversations and cause the skill to activate when the user did not specifically request campus-search behavior. Unintended invocation can expose user queries to the external MCP-backed workflow and lead to confusing routing or unnecessary data transmission.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill instructs users to configure an external MCP server with an API key but does not clearly warn that queries and related parameters will be sent to a third-party service. This creates a transparency and privacy problem: users may unknowingly transmit sensitive job-search preferences or other personal context to an external provider.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The trigger phrases are broad enough to match common conversational requests like daily recommendations or reminders, increasing the chance the skill activates unexpectedly. In this skill's context, accidental activation is more dangerous because activation can lead to local script creation and scheduled persistence rather than a harmless read-only action.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill description does not clearly warn that setup creates local files and installs persistent scheduled tasks. That omission undermines informed consent; users may believe they are only requesting job recommendations when the skill is actually altering their machine for recurring execution.
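Once the monitor described in this finding and in the Context-Inappropriate Capability finding above has been enabled, the persistence it leaves behind is easy to overlook. The following audit helper is an added example, not code from UP 简历, @upcv/mcp-server or SkillSpector: it lists the cron entries and launchd agents in a user account that invoke a job-monitor script or shell out to the `claude` CLI, so a reviewer can confirm what is scheduled and remove it. The ~/.jobsclaw path is the one the skill documents; the sample crontab, the plist, the label com.example.jobsclaw-monitor and the monitor.sh file name are constructed for illustration and are assumptions, not the skill's real artifacts.

```python
"""Added example (not part of the UP 简历 skill or of SkillSpector): audit a
user account for cron entries and launchd agents that run a job-monitor
script or the `claude` CLI.  The crontab and plist below are constructed
sample data; ~/.jobsclaw comes from the skill's documentation, every other
path, label and file name is an assumption for illustration."""
import plistlib
import re
import subprocess
from pathlib import Path
from typing import Iterable, Optional

# Substrings that mark a scheduled job as belonging to this workflow.
DEFAULT_NEEDLES = ("jobsclaw", "claude")

# Either an @-shortcut (@daily, @reboot) or five schedule fields, then the command.
CRON_LINE = re.compile(r"^(?P<schedule>@\w+|(?:\S+\s+){4}\S+)\s+(?P<command>\S.*)$")


def find_cron_entries(crontab_text: str, needles: Iterable[str] = DEFAULT_NEEDLES) -> list[dict]:
    """Return the crontab lines whose command references any needle."""
    needles = tuple(needles)
    hits = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue  # blank line, comment, or VAR=value assignment
        m = CRON_LINE.match(line)
        if m and any(n in m.group("command") for n in needles):
            hits.append({"line": lineno, "schedule": m.group("schedule"),
                         "command": m.group("command")})
    return hits


def find_launchd_job(plist_bytes: bytes, needles: Iterable[str] = DEFAULT_NEEDLES,
                     source: str = "<memory>") -> Optional[dict]:
    """Parse one LaunchAgent plist; report it if its program references a needle."""
    needles = tuple(needles)
    job = plistlib.loads(plist_bytes)
    args = list(job.get("ProgramArguments", []))
    if "Program" in job:  # launchd accepts Program instead of, or in front of, ProgramArguments
        args.insert(0, job["Program"])
    command = " ".join(args)
    if not any(n in command for n in needles):
        return None
    return {"source": source, "label": job.get("Label"), "command": command,
            "run_at_load": bool(job.get("RunAtLoad", False)),
            "start_interval": job.get("StartInterval"),
            "calendar": job.get("StartCalendarInterval")}


def audit(crontab_text: str, launch_agents: dict[str, bytes],
          needles: Iterable[str] = DEFAULT_NEEDLES) -> dict:
    """Combine both persistence sources into one report a reviewer can act on."""
    needles = tuple(needles)
    launchd = [j for name, data in launch_agents.items()
               if (j := find_launchd_job(data, needles, source=name))]
    return {"cron": find_cron_entries(crontab_text, needles), "launchd": launchd}


def audit_current_user(needles: Iterable[str] = DEFAULT_NEEDLES) -> dict:
    """Live version: read `crontab -l` and every plist in ~/Library/LaunchAgents."""
    try:
        crontab = subprocess.run(["crontab", "-l"], capture_output=True, text=True).stdout
    except FileNotFoundError:  # no cron on this host
        crontab = ""
    agents_dir = Path.home() / "Library" / "LaunchAgents"
    plists = {p.name: p.read_bytes() for p in agents_dir.glob("*.plist")} if agents_dir.is_dir() else {}
    return audit(crontab, plists, needles)


# Constructed sample input: what a reviewer might find after enabling the monitor.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=alice@example.com
0 9 * * * /bin/sh /Users/alice/.jobsclaw/monitor.sh >> /Users/alice/.jobsclaw/reports/cron.log 2>&1
30 2 * * 0 /usr/bin/find /tmp -mtime +7 -delete
@daily /usr/local/bin/claude -p "summarise new postings" > /tmp/jobs.txt
"""

SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.jobsclaw-monitor</string>
  <key>ProgramArguments</key>
  <array><string>/bin/sh</string><string>/Users/alice/.jobsclaw/monitor.sh</string></array>
  <key>RunAtLoad</key><true/>
  <key>StartCalendarInterval</key>
  <dict><key>Hour</key><integer>9</integer><key>Minute</key><integer>0</integer></dict>
</dict>
</plist>
"""

if __name__ == "__main__":
    report = audit(SAMPLE_CRONTAB, {"com.example.jobsclaw-monitor.plist": SAMPLE_PLIST})
    for hit in report["cron"]:
        print(f"cron line {hit['line']}: {hit['schedule']} {hit['command']}")
    for job in report["launchd"]:
        print(f"launchd {job['label']} ({job['source']}): {job['command']}")
```

Run it on the constructed samples to see the two cron hits (the monitor script and the `@daily` `claude` invocation) and the one LaunchAgent; call audit_current_user() on a macOS or Linux account to check a real machine. A job the user never asked for, or one that survives after the skill was removed, is what the finding is warning about, and `crontab -e` or `launchctl unload` is the remedy.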

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrases in the frontmatter are broad enough to match common user requests such as '找工作' ("look for a job") or '看 JD' ("look at a JD", i.e. a job description), which can cause this skill to activate in situations where the user did not specifically intend to use it. That creates routing confusion and may expose job-search tools, external links, or downstream workflow guidance in the wrong conversational context, especially in a multi-skill environment with overlapping employment-related skills.

Natural-Language Policy Violations

Severity: Low
Confidence: 78%
Finding
The skill description is written to operate in Chinese and uses Chinese trigger phrases without any indication that language should follow the user's preference. While not directly a code-execution issue, this can cause unwanted language switching, misunderstandings, or reduced transparency if the surrounding system or user is interacting in another language.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The trigger list includes broad natural-language phrases such as "帮我做一份简历" ("make me a resume"), which can overlap with ordinary conversation and cause the skill to activate when the user did not clearly intend to invoke this external workflow. In this skill, unintended invocation is more concerning because activation leads into account setup and the collection and transmission of resume and personal data through MCP tools.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly gathers sensitive personal information including name, phone number, email, city, and potentially employment/education history, then writes it through external MCP tools, but it does not present a clear user-facing privacy notice or obtain informed consent before transmission. In resume-building context this is especially sensitive because the data is personally identifying and professionally consequential, and users may not realize it is being sent to a third-party service.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrases include very broad, common requests such as '编辑简历' ("edit resume"), '更新简历' ("update resume"), '修改简历' ("modify resume"), and '优化简历' ("optimize resume"), which can cause this skill to activate when the user only wants generic advice rather than tool-backed resume access and modification. In this context, over-broad routing increases the chance of unintended access to resume data or unintended edits through MCP tools, especially because the skill supports destructive and state-changing operations like deletion, reordering, and export.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%
Finding
The description is written as Chinese-only and its trigger usage examples are also exclusively Chinese, which can cause the agent to switch language unexpectedly without checking user preference. This is primarily a safety and usability issue: forcing a language can confuse users, lead to mistaken confirmations, and increase the risk of users approving edits or exports they do not fully understand.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The instruction to retain and reuse ATS form details via memory files creates a persistent store of information gathered during application assistance. In this context, form details can easily include sensitive applicant data or derived mappings, so cross-session reuse increases the chance of privacy leakage, unintended disclosure to future users, or overcollection beyond what is necessary for the immediate task.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
Recording completed application experience after the user fills forms encourages persistent retention of submission-related details at exactly the point where the agent has maximum visibility into sensitive data. Without strict scoping, sanitization, and consent, this pattern can lead to storage of personal information or confidential hiring-process details that are unnecessary for future assistance.
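Both Ssd 3 findings, and the Missing User Warnings findings about ats-records/ and the cross-session memory files, come down to the same fix: persist the reusable form structure, never what was typed into it. The following helper is an added example, not the skill's own code. It reduces a captured ATS record to field names, labels, types and options, drops every filled value, redacts ID numbers, phone numbers and e-mail addresses from free-text notes, and refuses to persist a record that still carries either. The record layout, field names and sample values are constructed; the PII patterns (18-character PRC resident ID, mainland mobile number, e-mail) are assumptions about what such records are likely to contain, not something the page documents.

```python
"""Added example (not part of the UP 简历 skill): data-minimisation pass for
the ATS "experience" records the skill keeps in memory files across sessions.
Only reusable form structure survives; filled values are dropped and any ID
number, phone number or e-mail left in free-text notes is redacted.  The
record layout and all sample values are constructed for illustration."""
import re

# Keys that describe the form itself and are safe to reuse on the next application.
STRUCTURE_KEYS = {"field", "label", "type", "required", "options", "max_length"}

# Redaction order matters: the 18-character ID goes first so the phone pattern
# cannot consume part of it.
PII_PATTERNS = (
    ("ID_NUMBER", re.compile(r"(?<![\dXx])\d{17}[\dXx](?![\dXx])")),   # PRC resident ID (assumed format)
    ("PHONE", re.compile(r"(?<!\d)(?:\+86[- ]?)?1[3-9]\d{9}(?!\d)")),  # mainland mobile (assumed format)
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
)


def scrub_text(text: str) -> tuple[str, dict[str, int]]:
    """Replace PII in free text with placeholders; return the text and per-type counts."""
    counts: dict[str, int] = {}
    for name, pattern in PII_PATTERNS:
        text, n = pattern.subn(f"[{name}]", text)
        if n:
            counts[name] = n
    return text, counts


def minimise_record(record: dict) -> dict:
    """Keep company/portal and per-field structure; drop everything the user typed."""
    out = {"company": record.get("company"), "portal": record.get("portal"), "fields": []}
    for field in record.get("fields", []):
        kept = {k: v for k, v in field.items() if k in STRUCTURE_KEYS}
        if field.get("notes"):
            kept["notes"], _ = scrub_text(str(field["notes"]))
        out["fields"].append(kept)
    return out


def safe_to_persist(record: dict) -> bool:
    """Gate before writing a memory file: no value-bearing keys, no PII in notes."""
    for field in record.get("fields", []):
        if set(field) - STRUCTURE_KEYS - {"notes"}:
            return False  # still carries a filled value (or an unknown key)
        if field.get("notes"):
            _, counts = scrub_text(str(field["notes"]))
            if counts:
                return False
    return True


# Constructed sample: what an agent might capture right after the user submits a form.
RAW_RECORD = {
    "company": "ExampleCo",
    "portal": "example-ats",
    "fields": [
        {"field": "full_name", "label": "姓名", "type": "text", "required": True, "value": "张三"},
        {"field": "id_number", "label": "身份证号", "type": "text", "required": True,
         "value": "110101199003071234", "notes": "portal rejected 11010119900307123X first"},
        {"field": "contact", "label": "联系方式", "type": "text", "required": True,
         "value": "13800138000", "notes": "also asked for email alice@example.com"},
        {"field": "expected_city", "label": "期望城市", "type": "select",
         "options": ["北京", "上海"], "value": "北京"},
    ],
}

if __name__ == "__main__":
    clean = minimise_record(RAW_RECORD)
    print("raw safe:", safe_to_persist(RAW_RECORD), "| minimised safe:", safe_to_persist(clean))
    for f in clean["fields"]:
        print(f)
```

The minimised record still tells the agent which fields ExampleCo's portal asks for, which are required and which options a select offers, which is all the next application needs; the applicant's name, ID number and contact details never reach disk. Keeping safe_to_persist as a separate gate means a future change that starts capturing new keys fails closed instead of silently widening what is retained.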

VirusTotal

65/65 vendors flagged this skill as clean.
