Indeed Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a user-run Indeed lead scraper that fits its stated purpose, with caveats around browser-profile use and optional saving to a hard-coded local lead file.

Install only if you are comfortable with a local scraper that drives OpenClaw/Chrome against Indeed. Use a dedicated browser profile if possible, verify the external scrapling helper before using the fallback, and review or change the hard-coded lead-list path before running with --save.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill documentation advertises executable commands that perform network access, shell execution, and file writes, but it declares no permissions. This undermines informed consent and sandboxing because an agent or reviewer cannot accurately assess what the skill will do before invocation, increasing the risk of unintended data exfiltration, local file modification, or unsafe tool use.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The documented behavior materially differs from the stated purpose: it writes to a hard-coded local path, relies on external local tooling/browser relay, and does not actually provide some promised enrichment such as phone numbers. This is dangerous because hidden side effects and undocumented dependencies reduce operator visibility and can cause unauthorized local changes, brittle execution, or misuse of the skill under false assumptions about what data is collected and how.

Missing User Warnings

Medium
Confidence: 84%
Finding:
When --save is used, the script appends untrusted scraped content directly into a fixed local file path without sanitization or clear warning. Because company names, titles, and locations come from external content, an attacker controlling or influencing scraped text could inject markdown/table-breaking payloads or misleading entries into an internal lead repository, compromising data integrity.

VirusTotal

64/64 vendors flagged this skill as clean.
