Back to skill

Security audit

ResumeClaw

Security checks across malware telemetry and agentic risk

Overview

ResumeClaw mostly matches its stated purpose, but it needs Review because it handles sensitive career/account data, stores a login session, and has a search-input bug that can run unintended local code.

Review before installing. Use this only with a ResumeClaw account and data you are comfortable sending to resumeclaw.com, upload only the intended resume text, confirm any accept/decline or mark-read action before it runs, and avoid using free-form search queries until the query/location encoding bug is fixed. On shared machines, remove ~/.resumeclaw/session after use if you do not want the session to persist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes a shell script that performs authenticated network operations, but the skill file does not declare any permissions or constraints for those capabilities. This creates a transparency and policy-enforcement gap: a host may allow the skill to run without clearly signaling that it can send user data externally and execute shell commands.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The top-level trigger scope is overly broad, covering not only concrete account-management actions but also 'anything about ResumeClaw' and even general discussion of recruiting. Broad routing increases the chance the skill activates during ordinary conversation and then prompts for credentials, reads workspace files, or sends data to the external service unexpectedly.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Trigger examples like 'What's new?' are common conversational phrases that can collide with unrelated chat. In context, accidental invocation could expose notification metadata or cause authenticated account operations without the user realizing they are interacting with this external service.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to read a resume from the user's workspace or stdin and upload it to an external service, but it does not require a privacy warning or explicit consent at the point of transfer. Resumes commonly contain sensitive personal data, employment history, contact information, and potentially protected attributes, so silent transmission materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The authentication guidance tells the agent to prompt for email and password and notes that a session is stored on disk, but it provides no user-facing warning about credential handling, session persistence, or local storage sensitivity. This increases the chance users disclose secrets into chat without understanding they may be stored or reused in a local session file.

Session Persistence

Medium
Category
Rogue Agent
Content
name: resumeclaw
description: >
  Manage your ResumeClaw career agent — an AI that represents your professional experience
  to recruiters 24/7. Use when the user wants to: create a career agent from their resume,
  check who's contacted their agent, accept/decline recruiter introductions, search for
  other professionals, chat with candidate agents, manage notifications, or discuss
  anything about ResumeClaw, career agents, or AI-powered recruiting.
Confidence
73% confidence
Finding
create a career agent from their resume, check who's contacted their agent, accept/decline recruiter introductions, search for other professionals, chat with candidate agents, manage notifications

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.