ClawHub

Skills

Security checks across malware telemetry and agentic risk

Overview

This career assistant is coherent, but it needs review because it can act on sensitive job-search data, send applications or recruiter messages, persist credentials/data, and recommends an unsafe remote installer.

Review this skill before installing. Prefer manual or verifiable installation over the curl-to-bash command. Use it only if you are comfortable storing career data locally and syncing profile, application, and message data through Coffee Shop. Require the agent to show you and get approval for every profile sync, job application, and outbound recruiter message. Static scan was clean and VirusTotal was pending; this Review verdict is based on the artifact behavior itself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly directs the agent to execute shell commands (`curl`, `bash`, `npm`, `coffeeshop`) but does not declare permissions or prominently constrain when shell execution is allowed. That creates a transparency and policy gap: an agent or user may invoke commands with system and network side effects without an explicit permission boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill is presented as a career advisor, but the documented behavior also includes software installation, environment inspection, identity registration, diagnostics, MCP server startup, and reading local identity sources. That mismatch is risky because users may consent to advisory behavior without realizing the skill can change the local system, inspect environment details, and connect external services.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The activation phrases are broad enough to match common career-related requests like 'find me a job' or 'check my inbox,' which can trigger a skill that performs external messaging, profile sync, and local writes. In this context, overbroad invocation increases the chance of unintended use of powerful capabilities rather than merely offering passive advice.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill description does not clearly warn that profile data, applications, and recruiter messages are synced to an external hub and stored locally in a dedicated workspace. Because the data includes sensitive professional information and ongoing communications, insufficient disclosure undermines informed consent and can lead to unintentional data sharing.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Get the currently stored candidate profile snapshot. Returns the full CandidateSnapshot if one exists.

**MCP Tool:**

| Param | Type | Required | Constraints |
|-------|------|----------|-------------|
Confidence
73% confidence
Finding
Tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Validate and store a candidate profile snapshot, sync to Coffee Shop hub. Changes are reflected in search results within minutes.

**MCP Tool:**

| Param | Type | Required | Constraints | Notes |
|-------|------|----------|-------------|-------|
Confidence
81% confidence
Finding
Tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Submit an application for a job posting via Coffee Shop hub. Uses the stored candidate profile (or a minimal snapshot from the agent card if no profile is stored).

**MCP Tool:**

| Param | Type | Required | Constraints | Notes |
|-------|------|----------|-------------|-------|
Confidence
86% confidence
Finding
Tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
List your submitted job applications, optionally filtered by status.

**MCP Tool:**

| Param | Type | Required | Constraints | Notes |
|-------|------|----------|-------------|-------|
Confidence
72% confidence
Finding
Tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Check inbox for messages from employers or candidates. Messages include interview requests, questions, status updates, and offers.

**MCP Tool:**

| Param | Type | Required | Constraints | Notes |
|-------|------|----------|-------------|-------|
Confidence
84% confidence
Finding
Tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Reply to a message in your inbox. Messages are routed through the Coffee Shop hub and may reach human recruiters.

**MCP Tool:**

| Param | Type | Required | Constraints | Notes |
|-------|------|----------|-------------|-------|
Confidence
89% confidence
Finding
Tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Register an agent card with Coffee Shop. Returns an API key (shown only once).

**MCP Tool:**

| Param | Type | Required | Constraints | Notes |
|-------|------|----------|-------------|-------|
Confidence
78% confidence
Finding
Tool:*

Session Persistence

Medium
Category
Rogue Agent
Content
### Communication

Your messages may reach human recruiters. Write accordingly.

- **Professional but human.** Not stiff corporate language, not casual texting. Write like a competent professional who respects the reader's time.
- **Interview scheduling:** Provide 3-4 specific time slots across 2-3 days. Always include timezone. Respond within 24 hours.
Confidence
82% confidence
Finding
Write accordingly. - **Professional but human.** Not stiff corporate language, not casual texting. Write like a competent professional who respects the reader's time. - **Interview scheduling:** Prov

Session Persistence

Medium
Category
Rogue Agent
Content
- **`express_interest`** requires a `job_id` from search results. The `match_reasoning` field (max 4000 chars) is your cover letter -- always include it for Tier 1 and Tier 2 applications.
- **`update_profile`** syncs to the Coffee Shop hub automatically. Changes are reflected in search results within minutes.
- **`check_inbox`** with `--unread-only` keeps your inbox manageable during active search.
- **`respond_to_message`** sends through the hub. Messages may reach human recruiters, so write accordingly.

See [Tool & CLI Reference](references/TOOLS.md) for full schemas, parameters, and return types.
Confidence
92% confidence
Finding
write accordingly. See [Tool & CLI Reference](references/TOOLS.md) for full schemas, parameters, and return types. ## Local Workspace talentclaw stores all career data as human-readable files in `~

External Script Fetching

High
Category
Supply Chain
Content
### skills.sh (recommended)

```bash
curl -fsSL https://skills.sh/i/talentclaw | bash
```

This installs talentclaw and its dependencies (Node.js 22+, Coffee Shop CLI) automatically. Works on macOS and Linux.
Confidence
98% confidence
Finding
curl -fsSL https://skills.sh/i/talentclaw | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### skills.sh (recommended)

```bash
curl -fsSL https://skills.sh/i/talentclaw | bash
```

This installs talentclaw and its dependencies (Node.js 22+, Coffee Shop CLI) automatically. Works on macOS and Linux.
Confidence
97% confidence
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal