Security audit

Workorai

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for WorkorAI, but it can use saved credentials for live hiring and job-application actions with broad activation and incomplete confirmation guidance.

Review before installing if you have a WorkorAI candidate or employer key saved on this machine. Use it only when you want WorkorAI-specific job or hiring workflows, confirm every application, invite, publication, deletion, or review-status change before it happens, and be aware that saving a key with best-effort may leave a local 0600 file copy as well as using the OS credential store.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence
90% confidence
Finding
Routing generic job-search requests to this skill by default creates an overly broad activation boundary. In a dual-role skill that can read saved credentials, request new API keys, and perform marketplace actions, accidental invocation can expose users to unintended onboarding prompts, credential handling flows, or actions in the wrong integration context.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Several trigger phrases listed are broad natural-language expressions such as 'find me a job' or 'show me jobs', which are likely to appear in ordinary conversation unrelated to this specific platform. Because the skill supports sensitive flows like saved-key retrieval and employer/candidate operations, unintended activation increases the chance of misrouting user requests, unnecessary credential prompts, and confusing or privacy-impacting tool use.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables implicit invocation without defining any trigger constraints or exclusion conditions, which can cause the agent to activate WorkorAI on broad, ambiguous user requests. Because this skill can search jobs, review candidates, manage applications, and interact with a live MCP surface, unintended invocation could expose user data, initiate sensitive hiring workflows, or steer conversations into external-tool actions without clear user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
`candidate.apply_to_job` is a state-changing action that submits an application on the user's behalf, but the guidance does not require explicit user confirmation immediately before execution. In an agent setting, this increases the risk of unintended applications from ambiguous phrasing, stale conversational context, or prompt manipulation that nudges the agent into performing a write action the user did not clearly authorize.

Missing User Warnings

Low
Confidence
89% confidence
Finding
This recipe instructs the agent to send invitations and later cancel or alter hiring workflow state without explicitly requiring user confirmation or warning about the effect on real candidate records. In a recruiting skill, these are externally visible actions that can affect candidates and the employer's hiring funnel, so omission of confirmation guidance increases the risk of unintended state-changing operations.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The free-form flow allows creating a job from raw user text and then publishing it, but the recipe does not warn that this may create a real vacancy and make it live. Because publication is a consequential external action, an agent following this recipe could turn exploratory discussion into a public posting without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The lifecycle recipe includes close, archive, and delete operations that change or remove job state, including a destructive DRAFT deletion path, without emphasizing their consequences or requiring confirmation. In a hiring platform context, these actions can disrupt recruiting operations, hide listings, or remove drafts through accidental execution.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly tells users to copy or generate an Employer MCP API key and save it locally, but provides no security guidance about secret handling, storage location, access controls, rotation, or avoiding logs/shell history. Because this skill operates on employer-side recruiting actions, compromise of that key could let an attacker act as the employer, access gated hiring data, and modify job or invitation state.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The document states there is no privacy opt-out and that discoverability is effectively mandatory once a candidate completes and ingests a profile interview. In a talent marketplace context, this creates a real privacy and compliance risk because candidates may be exposed to employer search and invitation workflows without a consent withdrawal mechanism or configurable visibility controls.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/__tests__/credential-store.role.test.mjs:33

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/credential-store.mjs:123