ClawHub

Jobautopilot Submitter

Security checks across malware telemetry and agentic risk

Overview

This job-application automation skill appears purpose-aligned but needs Review because it can handle sensitive resume data, upload files, and answer application questions without clear user confirmation or scoping.

Install only if you are comfortable letting it read configured resume/application files and interact with job application forms. Before use, restrict resume and upload directories, review every file path before upload, and provide explicit answers for language or demographic-style questions instead of relying on defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The document states that personal data comes exclusively from environment variables, but later instructs the agent to parse tailored resume `.docx` files and extract personal and application data. This inconsistency matters because it broadens the data sources being accessed and weakens the user's ability to reason about what sensitive local files the skill may read.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The safety rules claim all personal data comes from environment variables, yet the workflow separately instructs runtime extraction of work history, education, and contact details from resume files. Conflicting rules around sensitive data sources can lead reviewers or operators to underestimate file access and can enable overcollection of personal information during execution.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The template explicitly supports file uploads as part of an agent-generated script but provides no built-in user confirmation, allowlist, or path validation before submission. In a job application automation context, this can cause unintended disclosure of sensitive local files or submission of the wrong document if the runtime generation logic is influenced by page content, bad matching, or upstream data errors.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The function hard-codes selection of a Chinese/Mandarin language option and silently falls back to "Other" if no exact match is found, without any evidence of user input or consent. In a job-application automation skill, this can cause the agent to submit false self-reported demographic or language information, creating integrity, compliance, and user-harm risks even though it is not a code-execution issue.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal