Back to skill

Security audit

Freelance Job Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill looks like a simple job-report script, but it materially overstates what it scans and uses the user's authenticated GitHub CLI session for a mismatched data source.

Review before installing. Run it only if you are comfortable letting it use your current `gh` login for API requests, preferably with a low-scope GitHub account or token. Do not rely on it to cover YC, RemoteOK, or WeWorkRemotely unless the missing scanners are added or the documentation is corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises executable capabilities including shell access and file writing but does not declare permissions, which weakens user awareness and any permission-gating model around the skill. In an autonomous agent context, undeclared execution and write behavior can lead to unexpected command execution, local file modification, and expansion of trust beyond what a user reasonably expects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially differs from the observed behavior: the skill claims broad multi-source job monitoring and scoring, but apparently relies on gh/GitHub API access, omits promised sources, and does not apply some advertised filters. This kind of deception or drift is dangerous because users may authorize credentials, network access, or automation based on false assumptions, leading to over-privileged operation, incorrect decisions, and reduced ability to detect misuse.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The skill description omits a clear warning that it performs network requests and scraping against external job platforms, which reduces informed consent and can surprise users in restricted or sensitive environments. While this is less severe than hidden execution or privilege abuse, undisclosed outbound access can still create privacy, compliance, and operational risks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.