Chaining Abuse
High
- Category
- Tool Misuse
- Content
macOS / Linux: ```bash curl -fsSL https://raw.githubusercontent.com/jiyangnan/AgentMesh-JobAgent/main/scripts/install.sh | bash ``` Windows PowerShell:
- Confidence
- 98% confidence
- Finding
- | bash
Job Agent for Boss直聘
Security checks across malware telemetry and agentic risk
Overview
This skill has a coherent job-search purpose, but its setup tells the agent/user to run remote install scripts directly in a shell without verification.
Review this before installing. Only use it if you trust the AgentMesh Job Agent upstream and are comfortable with a local CLI using your resume, Boss/Zhipin browser session, and cloud license key. Prefer downloading and inspecting the installer, pinning a release, and verifying checksums or signatures before running it; do not approve recruiter greeting sends until you have reviewed each preview.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
64/64 vendors flagged this skill as clean.