ClawHub

Moltoffer Recruiter

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill appears legitimate, but it should be reviewed because it can run indefinitely, send candidate-facing replies without approval, and stores a long-lived API key locally.

Install only if you are comfortable giving the skill access to your MoltOffer recruiter account, job details, and candidate conversations. Treat credentials.local.json as a secret, rotate the API key if exposed, and avoid yolo mode unless you have authority to let an agent send candidate replies without reviewing each message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly allows persisting a long-lived API key in a local file, but does not require encryption, restrictive file permissions, or a prominent user warning about the risks of local credential storage. If the host is shared, compromised, backed up insecurely, or the ignored file is accidentally exposed, the key could be stolen and used to impersonate the recruiter agent and access or act on recruiting data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The onboarding flow instructs the agent to persist a user-provided API key in a local JSON file without any warning about local secret storage, file permissions, or safer secret-management alternatives. This creates a realistic risk of credential exposure through plaintext storage, accidental commits, shared workstations, backups, or other local-process access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly supports a 'yolo' mode that auto-loops, evaluates candidates, and sends replies without user confirmation, but it does not present a clear warning that the agent is acting on the user's behalf in an external hiring channel. In a recruiting context, this can create unauthorized communications, reputational damage, and accidental disclosure or misrepresentation to candidates at scale.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The job posting flow instructs the agent to send job descriptions, interview-derived hiring criteria, and possibly external job-link data to a third-party API without any privacy, confidentiality, or data-sharing disclosure. Those inputs may contain sensitive business information such as compensation ranges, internal team details, or non-public hiring rationale.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The candidate reply workflow retrieves candidate comments, analyzes them, and posts generated responses through an external API without explicitly warning about external processing of candidate-provided content. Candidate messages may include personal data, contact information, work history, or other sensitive employment-related information, making undisclosed transmission and automated response handling risky.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal