UP Resume - Let an Agent help you write your resume and find a job

Security checks across malware telemetry and agentic risk

Overview

This job-search and resume helper is coherent, but its monitoring workflow can create persistent scheduled agent runs and local records, so users should review it before use.

Install only if you are comfortable giving the UPCV MCP server access to your resume and job-search data. Before enabling daily monitoring, inspect the generated monitor.sh and any launchd or cron entry, confirm the exact schedule, and know how to remove it. Avoid storing government IDs or other highly sensitive values in ATS records or local reports, and delete old ~/.jobsclaw/reports and ats-records files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill instructs the agent to create persistent OS-level scheduled tasks via launchd and cron. That exceeds normal one-shot job search behavior and can modify the user's system state in a durable way, creating a persistence mechanism that could be abused or surprise users if installed without explicit, informed consent.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill generates a shell script that invokes the local `claude` CLI to perform automated queries and write reports. This expands the skill from data retrieval into local command execution and scripting, which increases the attack surface and creates risk of command misuse, prompt/script injection through user-supplied filters, or unintended filesystem changes.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are broad, generic job-seeking terms such as '找工作' and '优化简历', which are likely to appear in normal conversation and can cause the skill to activate unintentionally. In this skill’s context, unintended activation is more concerning because the skill can search jobs, manage resumes, and guide applications, increasing the chance of data exposure or actions taken under the wrong user intent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README states that operations in the AI assistant and the website are synchronized in real time, but it does not prominently warn users that resume data entered in chat will be transmitted to and stored in an external service. In a job-assistant context, this is sensitive personal data handling, potentially including contact details, education, work history, and other identifying information, so lack of clear disclosure can lead to unintended sharing.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes broad everyday phrases like '找工作' and '投递', which can plausibly appear in normal conversation and cause the skill to activate when the user did not explicitly intend to use this external-service workflow. In this skill, unintended invocation is more concerning because activation can lead to resume processing, job-search actions, and downstream guidance involving external APIs and local file/task creation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The monitoring workflow explicitly instructs creating a shell script, installing a launchd/cron scheduled task, and writing reports under the user's home directory, but it does not require a prominent warning or confirmation about modifying the local system. That creates a real risk of persistent changes being made unexpectedly, especially if the skill is auto-invoked or the user interprets the workflow as read-only assistance.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill processes resumes, job preferences, PDFs, and ATS-related form data through an external MCP server, yet it does not clearly warn users that personal employment data may be transmitted to third-party services. In this context the omission is meaningful because resumes often contain highly sensitive personal and professional information, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill begins creating a monitoring script and later scheduled execution without a prominent up-front warning that it will write files and install recurring OS tasks. Lack of clear disclosure undermines informed consent and makes persistent local changes more dangerous because users may believe they are only requesting a search or recommendation feature.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases include very broad terms such as “找工作” and “看 JD”, which can match ordinary conversation and cause the skill to activate when the user did not intend to use this tool. In an agent setting, overbroad routing can expose user queries to external MCP tools unexpectedly, causing unintended data sharing and incorrect workflow transitions.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases include broad terms like '创建简历' and '编辑简历' that are common user intents and may cause the skill to activate when the user did not explicitly intend to invoke this external-tool workflow. Because the skill can then lead into MCP setup and remote resume operations, accidental invocation could expose users to unnecessary data collection or confusing actions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly collects sensitive personal data including name, phone number, email, city, and personal website, then instructs the agent to send it through external MCP tools without a clear privacy notice or explicit consent for third-party transmission. In a resume workflow this data is highly identifying, and users may reasonably assume the assistant is handling it locally unless warned otherwise.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are broad enough to match common user intents like editing or optimizing a resume, increasing the chance this skill is invoked when the user did not specifically intend to send data to the UPCV integration. Because the skill can read and modify resumes through external MCP tools, unintended invocation can expose personal data or cause unwanted changes.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to use an external UPCV MCP Server for listing, retrieving, editing, and exporting resumes, but does not clearly warn users that resumes and job descriptions may be transmitted to a third-party service. Since resumes and JDs often contain sensitive personal, educational, and employment information, lack of informed consent creates a meaningful privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.
