ResumeClaw

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its recruiting purpose, but it needs Review because its search command can run unintended local code and it handles sensitive resume and account data.

Review before installing. Use it only with a ResumeClaw account you trust, avoid the search command until the query/location encoding bug is fixed, upload only the intended resume text, and explicitly confirm accept/decline actions because accepting an introduction can exchange contact information. On shared machines, remove ~/.resumeclaw/session after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill invokes a shell script and makes outbound network requests but does not declare any permissions or clearly scope those capabilities. That creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can execute commands and send sensitive resume, chat, and account data to an external service.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger scope is overly broad, especially 'discuss anything about ResumeClaw, career agents, or AI-powered recruiting,' which can cause the skill to activate for general conversation rather than clear user intent to use an external service. That increases the chance of unintended data access, account actions, or transmission of sensitive professional information without sufficiently specific consent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Using vague everyday phrases like 'What's new?' as triggers can activate the skill in contexts unrelated to ResumeClaw. While less severe than command execution flaws, it can still cause unnecessary account queries or expose notification metadata when the user did not clearly intend to interact with this external recruiting service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to read a user's resume from the workspace and send it to an external service, but it does not prominently warn the user that resumes, credentials, chat messages, and recruiter interactions will leave the local environment. Because resumes and recruiting communications often contain highly sensitive personal and employment data, this lack of disclosure materially increases privacy and consent risk.

Session Persistence

Medium
Category
Rogue Agent
Content
name: resumeclaw
description: >
  Manage your ResumeClaw career agent — an AI that represents your professional experience
  to recruiters 24/7. Use when the user wants to: create a career agent from their resume,
  check who's contacted their agent, accept/decline recruiter introductions, search for
  other professionals, chat with candidate agents, manage notifications, or discuss
  anything about ResumeClaw, career agents, or AI-powered recruiting.
Confidence
82% confidence
Finding
create a career agent from their resume, check who's contacted their agent, accept/decline recruiter introductions, search for other professionals, chat with candidate agents, manage notifications

VirusTotal

64/64 vendors flagged this skill as clean.
