Lever

Security checks across malware telemetry and agentic risk

Overview

This Lever skill is not malicious, but it should be reviewed because it can read and change sensitive recruiting data through a broadly scoped Membrane connection.

Install only if you intend to use Membrane to access Lever ATS data. Confirm the Lever connection and action before use, and require explicit approval before creating, updating, archiving, deleting, or dynamically generating actions against candidates, postings, interviews, notes, users, or requisitions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The skill is presented as a Lever integration, but it explicitly instructs the agent to create arbitrary new Membrane actions when a suitable one does not exist. That expands the capability boundary from a scoped ATS connector into dynamic tool generation, which can enable unintended operations, broaden data access, and bypass the narrower expectations set by the manifest.

Intent-Code Divergence

Severity: Medium
Confidence: 82%
Finding
The manifest description claims support for CRM-style entities such as Leads, Persons, Organizations, Deals, and Notes, while the body documents ATS entities like opportunities, postings, requisitions, and interviews. This mismatch can cause incorrect invocation and operator confusion about what systems and data the skill should access, increasing the chance of unintended actions against recruiting data.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The invocation description is broad enough that the skill may be selected for generic recruiting-data requests without clear scoping to specific Lever operations. When combined with network access and dynamic action discovery/creation, overbroad routing raises the risk of unnecessary exposure of applicant data or execution of unintended actions.

VirusTotal

66/66 vendors flagged this skill as clean.