Job Auto Apply

Security checks across malware telemetry and agentic risk

Overview

This job auto-apply skill is not clearly malicious, but it handles sensitive applicant data and job submissions with broad automation guidance that needs careful review.

Review carefully before installing. Keep dry-run and per-application confirmation enabled, do not use CAPTCHA-bypass automation, provide only the minimum applicant data needed, and review any generated resume, cover letter, or screening answer before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions even though its documented behavior includes reading environment secrets, writing files, and making network requests. That mismatch prevents meaningful user or platform consent and hides access to sensitive capabilities in a workflow that handles personal data, resumes, and external API calls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill materially overstates what it does while omitting that user profile and application content are sent to an external service. Description-behavior mismatches are dangerous because users may consent to automated job assistance without realizing their PII is exported off-platform or that core features are only placeholders, undermining informed consent and trust.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill handles highly sensitive employment data but does not clearly disclose that profile data, resumes, and job materials may be sent to an external AI service. In this context, lack of disclosure is especially dangerous because users may unknowingly expose personal identifiers, employment history, and potentially protected information to a third party.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The compatibility analysis sends applicant/job information to a third-party API without any explicit user consent, privacy notice, or minimization. In a job-application skill, this context is more sensitive because profile details can include personal and career data that users may not expect to be shared externally for scoring.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Cover-letter generation transmits applicant and job information to an external model service without a clear warning or consent flow. Because this skill handles employment materials, external sharing may expose sensitive personal details, employer targets, and custom template text the user did not intend to disclose to a third party.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document describes automating job applications, form filling, resume uploads, and sending candidate materials to third-party services without requiring explicit informed consent, clear disclosure of what data leaves the system, or mandatory review before submission. In a job-application skill, this is especially sensitive because it handles extensive personal and employment data and can submit on a user's behalf across multiple platforms.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The guidance explicitly recommends using captcha-solving services such as 2Captcha or Anti-Captcha, which typically involves sending challenge data to external human/automation services and bypassing platform anti-abuse controls. This raises serious compliance, account-security, and privacy risks, especially in a skill designed to mass-apply to jobs on behalf of users.

Ssd 3

Medium
Confidence
97% confidence
Finding
The code forwards user profile fields and optional cover-letter template text verbatim to a remote LLM service. This creates a concrete privacy exposure because free-form templates and profile data may contain PII, employment history, contact details, or other sensitive content, and the job-application context makes such disclosures particularly sensitive.

Ssd 3

Medium
Confidence
96% confidence
Finding
The compatibility prompt combines job descriptions with applicant information and sends the combined text to a third-party model endpoint. This unnecessarily externalizes profile information for scoring, which is risky in a hiring context where users may reasonably expect their details to remain local unless clearly told otherwise.

External Transmission

Medium
Category
Data Exfiltration
Content
def tailor_resume(resume_text, job_description):
    """Customize resume to highlight relevant skills via SkillBoss API Hub"""
    result = requests.post(
        "https://api.skillboss.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={
Confidence
88% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
def generate_cover_letter(job, profile, company_research):
    """Create personalized cover letter via SkillBoss API Hub"""
    result = requests.post(
        "https://api.skillboss.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={
Confidence
88% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
def tailor_resume(resume_text, job_description):
    """Customize resume to highlight relevant skills via SkillBoss API Hub"""
    result = requests.post(
        "https://api.skillboss.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={
Confidence
88% confidence
Finding
requests.post( "https://api.skillboss.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
def generate_cover_letter(job, profile, company_research):
    """Create personalized cover letter via SkillBoss API Hub"""
    result = requests.post(
        "https://api.skillboss.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={
Confidence
88% confidence
Finding
requests.post( "https://api.skillboss.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
def tailor_resume(resume_text, job_description):
    """Customize resume to highlight relevant skills via SkillBoss API Hub"""
    result = requests.post(
        "https://api.skillboss.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={
            "type": "chat",
Confidence
89% confidence
Finding
https://api.skillboss.com/

External Transmission

Medium
Category
Data Exfiltration
Content
def generate_cover_letter(job, profile, company_research):
    """Create personalized cover letter via SkillBoss API Hub"""
    result = requests.post(
        "https://api.skillboss.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={
            "type": "chat",
Confidence
89% confidence
Finding
https://api.skillboss.com/

VirusTotal

64/64 vendors flagged this skill as clean.
