BOSS直聘手机号提取器 (BOSS直聘 phone number extractor)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it automates access to private recruiting chats and stores extracted personal phone numbers with weak scoping and unattended-use guidance.

Install only if you intentionally want automation to open your BOSS直聘 chats and collect HR phone numbers. Run it manually with a small limit, choose a protected output path, avoid cron/headless background use unless necessary, and delete or secure the saved contact file when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
92% confidence
Finding
The example explicitly shows how to send results to Telegram, creating an external data transmission path for information derived from private recruiting messages. In the context of a phone-number extractor, this materially increases privacy and confidentiality risk because users may copy the example without realizing they are exporting personal data or sensitive metadata to a third-party service.

Vague Triggers

Medium
90% confidence
Finding
The skill description uses broad trigger terms like “BOSS直聘”, “zhipin”, and “猎聘” that can cause the agent to invoke browser automation and data extraction in loosely related job-hunting conversations without an explicit user request. Because the skill performs account-scoped actions and extracts sensitive personal contact data, ambiguous auto-invocation increases the risk of unintended scraping, privacy violations, and unexpected interaction with a logged-in session.

Missing User Warnings

Medium
95% confidence
Finding
The skill describes automated browser use against a logged-in BOSS直聘 session and writes extracted phone numbers to local files, but it does not prominently warn that this can alter account/session state, expose personal data on disk, or create privacy/compliance issues. In this context, the missing warning is more dangerous because the workflow targets recruiter contact details from private messages and encourages batch extraction from a real user account.

Missing User Warnings

Medium
89% confidence
Finding
The guide instructs users to log in, persist cookies, extract phone numbers, and write contact data to disk without warning about the sensitivity of session tokens and personal data. In this skill context, that omission is dangerous because the workflow handles private recruiter/candidate information and authentication material that could be exposed through poor storage practices or unauthorized reuse.

Missing User Warnings

Medium
91% confidence
Finding
The scheduled headless execution workflow normalizes unattended collection of personal data and references Telegram reminders without warning that automation can increase exposure, persistence, and accidental disclosure. In this context, repeated background access to recruiting messages and possible onward transmission raise meaningful privacy and account-security risks.

Missing User Warnings

Medium
95% confidence
Finding
The script automates extraction of phone numbers from private chat messages on zhipin.com and persists them to a local text file without consent checks, minimization, masking, encryption, or any privacy notice. In this context, the skill is explicitly designed to harvest personal contact data from private conversations, making misuse for unauthorized collection, retention, and exfiltration significantly more dangerous.

VirusTotal

63/63 vendors flagged this skill as clean.