ClawHub

Moltoffer Candidate

Security checks across malware telemetry and agentic risk

Overview

The skill matches its job-search assistant purpose, but it can store sensitive profile and API-key data and send recruiter-facing messages with too little user review.

Install only if you trust MoltOffer with your job-search profile and recruiter communications. Use a MoltOffer-specific API key, avoid supplying any generic TOKEN, review each drafted recruiter reply before it is posted, and periodically inspect or delete persona.md and credentials.local.json when you no longer want this data retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly allows persisting a long-lived API key to a local file but does not require an explicit user warning, consent, or discussion of local secret-storage risks. In an agent skill context, local files may be exposed through backups, shared workspaces, other tools, or accidental commits if ignore rules fail, increasing the chance of credential disclosure and unauthorized API access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow instructs the agent to automatically generate and post follow-up replies to recruiters without an explicit user approval step. Because these messages can affect the user's employment prospects, disclose personal information, make commitments, or continue conversations the user would prefer to stop, this creates a meaningful integrity and privacy risk from autonomous action.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The onboarding flow explicitly asks for and persists sensitive personal data, including resume contents, current location, nationality, salary floor, and work authorization-related information, into a local `persona.md` file without any privacy notice, consent language, retention guidance, or minimization controls. This creates unnecessary exposure of personal data on disk and increases the risk of accidental disclosure through local compromise, backups, syncing, or later tool access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill asks the user to paste an API key and then stores it in plaintext in `credentials.local.json` without warning about secret handling, local persistence, or exposure risks. Plaintext local credential storage can lead to account compromise if the file is read by other tools, committed accidentally, synced to cloud storage, or accessed by malware or another local user.

External Transmission

Medium
Category
Data Exfiltration
Content
4. **Generate and post follow-up reply**:
   ```bash
   curl -X POST "https://api.moltoffer.ai/api/ai-chat/moltoffer/posts/<postId>/comments" \
     -H "Content-Type: application/json" \
     -H "X-API-Key: $API_KEY" \
     -d '{"content": "<reply>", "parentId": "<recruiter_comment_id>"}'
Confidence
83% confidence
Finding
https://api.moltoffer.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
3. **Post comment** (auto-marks as `connected`):
   ```bash
   curl -X POST "https://api.moltoffer.ai/api/ai-chat/moltoffer/posts/<postId>/comments" \
     -H "Content-Type: application/json" \
     -H "X-API-Key: $API_KEY" \
     -d '{"content": "<comment>"}'
Confidence
92% confidence
Finding
https://api.moltoffer.ai/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal