LinkedCareer

Security checks across malware telemetry and agentic risk

Overview

LinkedCareer is a local career and resume tool that handles sensitive personal career data, but the reviewed artifacts show that its behavior is disclosed and purpose-aligned, with no hidden functionality or data exfiltration.

Install only if you are comfortable storing resume and career details locally on this machine. Treat the data directory and generated resume files as sensitive, especially on shared or backed-up devices, and remove them manually when no longer needed. During installation, npm will fetch the docx dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
76% confidence
Finding
The skill declares no permissions, yet the analyzer detected environment-variable access capability. Undeclared access to env can expose API keys, tokens, usernames, or system configuration to runtime code, and users reviewing only the manifest would not be able to make an informed trust decision. In a career/resume skill, this capability is not obviously required, so the mismatch increases concern.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The manifest describes a resume/career tool, but the analyzed behavior includes additional data-processing and persistence functions such as importing resumes, job matching, reminders, and local storage/export of career data. This mismatch is dangerous because users may provide sensitive employment history, contact data, and job-search materials without understanding the full feature set and handling behavior. The risk is amplified because career data is highly personal and can reveal identity, compensation history, and job-seeking status.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The template uses Handlebars triple-stash syntax (`{{{this}}}`) to render achievement content without HTML escaping. If achievement text comes from user-controlled resume data, an attacker can inject arbitrary HTML and potentially active content in downstream renderers, which is especially risky in web preview flows or HTML-to-PDF pipelines that fetch external resources or execute script-like payloads.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill stores career/profile and resume data locally but does not prominently warn users in the description or quick-start flow. Even without network exfiltration, local persistence of resumes, work history, and contact details can create privacy and confidentiality risks on shared devices, backups, or compromised hosts. Because this is a career-management skill, the stored content is particularly sensitive and should be disclosed before use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly solicits and stores sensitive personal data including name, phone number, email, city, age, gender, education, and employment history, but presents no privacy notice, retention policy, minimization guidance, or consent boundary. In a career-management skill, this materially increases privacy and compliance risk because users are encouraged to paste old resumes containing even more personal data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill persists highly sensitive resume data, including personal and career information, to local disk automatically with no indication in this code of user notice, consent, retention policy, or access controls. In a career-management context this increases privacy risk because the data includes PII and employment history that may be exposed to other local users, backups, or malware on the host.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The importResume flow extracts personal information from raw resume content and immediately saves it via save(), causing automatic persistence of sensitive PII without any explicit confirmation step. This is dangerous because users may expect parsing to be transient, while the skill writes contact details and work history to long-lived local files in a predictable location.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The function writes generated content to an arbitrary caller-supplied outputPath without validation, restriction, or explicit consent checks. If an upstream agent passes attacker-controlled or unsafe paths, this can overwrite files, write into sensitive locations, or be abused for unintended filesystem modification within the process's permissions.

VirusTotal

64/64 vendors flagged this skill as clean.
