AI Job Hunter Pro

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its job-search purpose, but needs review because it handles sensitive resume data and can generate application materials with hard-coded personal claims.

Install only after reviewing the scripts and keeping dry-run plus explicit confirmation enabled. Manually verify every generated cover letter, remove the hard-coded Disney/Amazon/UCL claims unless they are truly yours, use a virtual environment, and treat the local Chroma/SQLite databases and any logged-in job-site browser sessions as sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Missing Permission Declaration

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill invokes Python scripts that read local files, write local state, access external job platforms, and execute shell commands during setup, but it does not declare any permissions for those capabilities. This creates a trust and containment gap: a user or platform may approve the skill without understanding it can access sensitive resume/profile data, modify local files, and communicate over the network.
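One way to close the gap this finding describes is to derive the capability list from the code itself and diff it against what the skill declares. The following is an added example, not the skill's own code and not SkillSpector's scanner: it walks the Python AST of a script and records evidence for file reads, file writes, network access, shell execution and environment access. The MODULE_CAPS table, the declared set passed to `undeclared()`, and the SAMPLE script are assumptions constructed for the example.

```python
"""Inventory what a skill script can actually do.

Added example (not the skill's code and not SkillSpector's scanner): walks
the Python AST of a script and reports evidence for the capability classes
the finding above names, so the list can be compared with what the skill
declares. MODULE_CAPS is an illustrative assumption, not a complete table.
"""
import ast
from typing import Dict, Set

MODULE_CAPS = {
    "subprocess": "shell", "os.system": "shell",
    "requests": "network", "urllib": "network", "http.client": "network", "socket": "network",
    "os.environ": "env",
    "sqlite3": "filesystem_write", "chromadb": "filesystem_write",
}
WRITE_MODES = ("w", "a", "x", "+")


def _dotted(node) -> str:
    """Render an attribute chain such as os.environ as a string ('' otherwise)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _module_caps(modname: str):
    base = modname.split(".")[0]
    return [cap for mod, cap in MODULE_CAPS.items() if modname == mod or base == mod]


def scan_capabilities(source: str) -> Dict[str, Set[str]]:
    """Return {capability: {evidence, ...}} for one script."""
    caps: Dict[str, Set[str]] = {}

    def add(cap: str, evidence: str) -> None:
        caps.setdefault(cap, set()).add(evidence)

    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                for cap in _module_caps(alias.name):
                    add(cap, f"import {alias.name}")
        elif isinstance(node, ast.ImportFrom) and node.module:
            for cap in _module_caps(node.module):
                add(cap, f"from {node.module} import ...")
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name == "open":
                mode = "r"
                if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                    mode = str(node.args[1].value)
                for kw in node.keywords:
                    if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                        mode = str(kw.value.value)
                writes = any(m in mode for m in WRITE_MODES)
                add("filesystem_write" if writes else "filesystem_read", f"open(..., {mode!r})")
            elif name in MODULE_CAPS:
                add(MODULE_CAPS[name], f"{name}()")
            elif name.startswith("subprocess."):
                add("shell", f"{name}()")
        elif isinstance(node, ast.Attribute) and _dotted(node) == "os.environ":
            add("env", "os.environ")
    return caps


def undeclared(caps: Dict[str, Set[str]], declared) -> list:
    """Capabilities the code exhibits but the skill's declaration does not cover."""
    return sorted(set(caps) - set(declared))


# Constructed sample mirroring the behaviours the finding describes.
SAMPLE = '''
import os, subprocess, requests
import chromadb
profile = open(os.path.expanduser("~/.jobhunter/profile.json")).read()
key = os.environ["JOB_API_KEY"]
requests.post("https://jobs.example.invalid/apply", json={"profile": profile})
subprocess.run(["pip", "install", "-r", "requirements.txt"])
with open("state.db", "w") as f:
    f.write("x")
'''

if __name__ == "__main__":
    found = scan_capabilities(SAMPLE)
    for cap, evidence in sorted(found.items()):
        print(cap, sorted(evidence))
    print("undeclared:", undeclared(found, declared={"filesystem_read"}))
```

Run it over each script the skill ships; anything `undeclared()` returns is a capability the user approves without being told about it.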

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The dashboard imports executable JavaScript from cdnjs and fonts from Google Fonts, which creates unnecessary outbound network access and a supply-chain dependency for a tool whose stated purpose is local visualization of a user-provided JSON file. If either third-party resource is compromised, blocked, or replaced, the page could run attacker-controlled code or leak usage metadata despite handling potentially sensitive job-search data.
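A quick way to verify the "local visualization" claim is to enumerate every non-local origin the page loads and check whether executable loads are pinned with Subresource Integrity. The following is an added example, not the skill's dashboard code: the audit parser, the SRI digest helper, and both HTML documents (the as-found pattern and a vendored, CSP-restricted version) are constructed for the example, and the vendored script bytes are a stand-in.

```python
"""Audit a dashboard page for third-party loads.

Added example, not the skill's dashboard: lists every script/stylesheet
fetched from a non-local origin, whether it carries Subresource Integrity
(integrity + crossorigin), and whether a CSP meta tag is present; also
computes the SRI digest for a file vendored locally. Sample HTML and the
vendored script bytes are constructed for the example.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

LOCAL_HOSTS = {"", "localhost", "127.0.0.1"}
LOADING_RELS = {"stylesheet", "preload", "modulepreload", "preconnect"}


class ExternalResourceAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self.csp = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "content-security-policy":
            self.csp = a.get("content", "")
            return
        url = None
        if tag == "script" and a.get("src"):
            url = a["src"]
        elif tag == "link" and a.get("href") and (a.get("rel") or "") in LOADING_RELS:
            url = a["href"]
        if url is None:
            return
        host = urlparse(url).netloc   # '' for relative paths, so vendored assets are skipped
        if host in LOCAL_HOSTS:
            return
        self.findings.append({
            "tag": tag,
            "origin": host,
            "sri": "integrity" in a and a.get("crossorigin") is not None,
        })


def audit(html: str):
    p = ExternalResourceAuditor()
    p.feed(html)
    return p.findings, p.csp


def unpinned_scripts(findings):
    """Executable loads that whoever controls the CDN could swap silently."""
    return [f["origin"] for f in findings if f["tag"] == "script" and not f["sri"]]


def sri_digest(content: bytes) -> str:
    """SRI attribute value for a vendored file: sha384-<base64 digest>."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()


# Constructed: the pattern the finding describes (CDN script, Google Fonts).
AS_FOUND = """<html><head>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<script src="https://cdnjs.cloudflare.com/ajax/libs/example/1.0.0/example.min.js"></script>
<script src="app.js"></script>
</head><body></body></html>"""

# Constructed: assets vendored beside the page, fonts served locally, and a CSP
# that confines every fetch to the page's own origin.
VENDORED_SCRIPT = b"/* constructed stand-in for the vendored library */\n"
HARDENED = f"""<html><head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; object-src 'none'">
<link rel="stylesheet" href="vendor/fonts.css">
<script src="vendor/example.min.js" integrity="{sri_digest(VENDORED_SCRIPT)}" crossorigin="anonymous"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    found, csp = audit(AS_FOUND)
    print("external origins:", [f["origin"] for f in found], "csp:", csp)
    print("unpinned scripts:", unpinned_scripts(found))
    print("hardened page loads:", audit(HARDENED))
```

Vendoring removes the dependency entirely; if a CDN load must stay, the minimum is an `integrity` attribute computed with `sri_digest()` over the exact file plus `crossorigin="anonymous"`, and a CSP that names only that origin.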

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The skill accepts user-provided resume files and passes them to external document-processing binaries, which adds unnecessary OS-level parsing capability to a job-matching workflow. While not an immediate injection flaw, this meaningfully enlarges the attack surface because malformed documents may trigger vulnerabilities in pdftotext or pandoc.
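Since the converters cannot be removed from the workflow, the practical mitigation is to constrain what reaches them and how they run. The following is an added example, not the skill's parsing code: it rejects files whose leading bytes or size do not fit the declared format, then invokes the converter with no shell, a timeout, a scrubbed environment, an empty working directory and Unix resource limits. The command templates, limits and the two sample files in `self_check()` are assumptions constructed for the example; `self_check()` exercises only the validation step, so it runs without pdftotext or pandoc installed.

```python
"""Contain the call into pdftotext / pandoc.

Added example, not the skill's parsing code. The converter only runs on a
file whose magic bytes match the type the user declared and whose size is
within bounds, with no shell, a timeout, a scrubbed environment, an empty
working directory and (Unix) memory/CPU rlimits, so a crafted resume that
does hit a parser bug lands in a constrained process. Command templates and
limits are assumptions; self_check() exercises validation only, on
constructed files, so it runs without either binary.
"""
import os
import resource          # Unix only
import shutil
import subprocess
import tempfile
from pathlib import Path

MAX_BYTES = 20 * 1024 * 1024
MAGIC = {"pdf": (b"%PDF-",), "docx": (b"PK\x03\x04",)}   # OOXML is a zip container
CONVERTERS = {   # assumed argument forms for the two binaries the finding names
    "pdf": ["pdftotext", "-layout", "{src}", "{dst}"],
    "docx": ["pandoc", "-f", "docx", "-t", "plain", "-o", "{dst}", "{src}"],
}


class RejectedDocument(ValueError):
    pass


def validate_document(path, declared_type: str) -> Path:
    """Reject anything whose size or leading bytes don't fit the declared format."""
    if declared_type not in MAGIC:
        raise RejectedDocument(f"unsupported type {declared_type!r}")
    p = Path(path)
    size = p.stat().st_size
    if size == 0 or size > MAX_BYTES:
        raise RejectedDocument(f"size {size} outside allowed range")
    with p.open("rb") as fh:
        head = fh.read(8)
    if not any(head.startswith(m) for m in MAGIC[declared_type]):
        raise RejectedDocument("magic bytes do not match declared type")
    return p


def _limit_child():
    # Runs in the child between fork and exec (Unix only).
    resource.setrlimit(resource.RLIMIT_AS, (1 << 30, 1 << 30))   # 1 GiB address space
    resource.setrlimit(resource.RLIMIT_CPU, (30, 30))             # 30 s of CPU


def convert_to_text(path, declared_type: str, timeout: float = 30.0) -> str:
    src = validate_document(path, declared_type)
    template = CONVERTERS[declared_type]
    if shutil.which(template[0]) is None:
        raise RuntimeError(f"{template[0]} is not installed")
    with tempfile.TemporaryDirectory() as tmp:
        dst = os.path.join(tmp, "out.txt")
        argv = [arg.format(src=str(src), dst=dst) for arg in template]
        subprocess.run(
            argv, shell=False, check=True, timeout=timeout, cwd=tmp,
            stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE,
            env={"PATH": "/usr/bin:/bin", "LANG": "C"},   # nothing inherited from the caller
            preexec_fn=_limit_child,
        )
        return Path(dst).read_text(errors="replace")


def self_check() -> dict:
    """Validation against two constructed files: a PDF header, and HTML named .pdf."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp, "resume.pdf")
        good.write_bytes(b"%PDF-1.4\n% constructed sample, not a real resume\n")
        bad = Path(tmp, "resume-2.pdf")
        bad.write_bytes(b"<html><script>alert(1)</script></html>")
        out = {"good": validate_document(good, "pdf").name}
        try:
            validate_document(bad, "pdf")
            out["bad"] = "accepted"
        except RejectedDocument as exc:
            out["bad"] = str(exc)
        return out


if __name__ == "__main__":
    print(self_check())
```

The magic-byte check does not make the parsers safe; it removes the cheapest class of confusion (a non-PDF handed to pdftotext) and the rlimits, timeout and scrubbed environment bound what a successful exploit of the converter gets to do.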

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly promotes automated application submission and "auto-apply" behavior but does not clearly warn users that the skill may take actions on external job-platform accounts, submit data on their behalf, or cause irreversible profile/application changes. In a job-search automation context, this omission is meaningful because users may underestimate the risk of mass submissions, accidental applications, account flags, or privacy exposure when resumes and cover letters are sent to third parties.
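The overview's advice (dry-run plus explicit confirmation) is straightforward to enforce in code. The following is an added example, not the skill's auto-apply implementation: outward actions are queued as a plan, the default mode executes nothing, and applying requires the user to type back the exact number of actions, with a per-run cap on submissions checked first. `perform` is a hypothetical callback standing in for the real site interaction, and `demo()` runs a constructed sequence.

```python
"""Gate every outward action behind dry-run and explicit confirmation.

Added example, not the skill's auto-apply code: actions are queued as a
plan; without apply=True nothing is executed; with it, the user must type
back the number of actions, and a per-run cap on submissions is enforced
before anything is sent. `perform` is a hypothetical callback that does
the actual job-site interaction.
"""
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass(frozen=True)
class PlannedAction:
    kind: str            # e.g. "submit_application", "update_profile"
    target: str          # job posting id or URL
    irreversible: bool   # cannot be undone from the user's account afterwards


class GateRefused(PermissionError):
    pass


@dataclass
class ApplyRun:
    max_submissions: int
    apply: bool = False                          # default is dry run
    confirm: Callable[[str], str] = input        # replaceable for tests
    plan: List[PlannedAction] = field(default_factory=list)
    executed: List[PlannedAction] = field(default_factory=list)

    def queue(self, action: PlannedAction) -> None:
        self.plan.append(action)

    def describe(self) -> str:
        return "\n".join(
            f"{i + 1}. {a.kind} -> {a.target}" + (" (irreversible)" if a.irreversible else "")
            for i, a in enumerate(self.plan))

    def execute(self, perform: Callable[[PlannedAction], None]) -> List[PlannedAction]:
        submits = [a for a in self.plan if a.kind == "submit_application"]
        if len(submits) > self.max_submissions:
            raise GateRefused(f"{len(submits)} submissions exceed the cap of {self.max_submissions}")
        if not self.apply:
            return []          # dry run: the plan is shown, nothing leaves the machine
        n = len(self.plan)
        irreversible = sum(1 for a in self.plan if a.irreversible)
        prompt = (f"{self.describe()}\nAbout to perform {n} actions on external job sites "
                  f"({irreversible} irreversible). Type {n} to proceed: ")
        if self.confirm(prompt).strip() != str(n):
            raise GateRefused("user did not confirm the exact action count")
        for a in self.plan:
            perform(a)
            self.executed.append(a)
        return list(self.executed)


def demo() -> dict:
    """Constructed run-through: dry run, confirmed run, wrong confirmation, cap exceeded."""
    sent: List[PlannedAction] = []
    results = {}
    a1 = PlannedAction("submit_application", "job-123", True)
    a2 = PlannedAction("update_profile", "profile", False)
    dry = ApplyRun(max_submissions=5)
    dry.queue(a1); dry.queue(a2)
    results["dry_run_sent"] = len(dry.execute(sent.append))
    live = ApplyRun(max_submissions=5, apply=True, confirm=lambda _prompt: "2")
    live.queue(a1); live.queue(a2)
    results["confirmed_sent"] = len(live.execute(sent.append))
    for label, run in (("wrong_answer", ApplyRun(5, apply=True, confirm=lambda _p: "yes")),
                       ("over_cap", ApplyRun(1, apply=True, confirm=lambda _p: "2"))):
        run.queue(a1); run.queue(PlannedAction("submit_application", "job-456", True))
        try:
            run.execute(sent.append)
            results[label] = "executed"
        except GateRefused as exc:
            results[label] = str(exc)
    results["total_sent"] = len(sent)
    return results


if __name__ == "__main__":
    print(demo())
```

Typing the count back, rather than "y", forces the user to read how many submissions are about to happen, which is the specific risk (mass or accidental applications) the finding calls out.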

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The pipeline automatically loads sensitive profile data from a predictable local file and then persists derived personal content, including cover letters and ATS keywords, into a local SQLite database without explicit notice or consent flow. In a job-search skill, this increases privacy risk because resumes and application materials often contain PII, employment history, and other sensitive career data that may be retained longer than the user expects.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Resume chunks and embeddings are persisted to a local Chroma database under the user's home directory without any explicit consent, retention policy, or deletion workflow. Because resumes commonly contain highly sensitive personal data, silent long-term storage increases privacy and data-exposure risk, especially on shared or compromised systems.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The feedback mechanism stores user-derived job-description data and preference signals persistently without clear notice or retention controls. Even if lower sensitivity than a resume, this still creates an unannounced behavioral profile and may reveal the user's interests or job-search activity over time.
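The three storage findings above (cover letters and ATS keywords in SQLite, resume chunks and embeddings in Chroma, feedback signals) share one fix: write nothing without recorded consent, stamp every row so a retention window can be enforced, and give the user a single erase path. The following is an added example, not the skill's storage layer; the scope names, retention windows and the sample rows are assumptions constructed for the example, and the Chroma deletion appears only as a comment.

```python
"""Consent-gated, time-bounded persistence for resume-derived data.

Added example, not the skill's storage layer: nothing is written unless
the user granted the matching consent scope; every row carries a timestamp
so purge_expired() can enforce a per-kind retention window; erase() removes
everything derived from one resume. Retention windows and scope names are
assumptions for the example. The Chroma call in the comment is the
delete-by-metadata form of the chromadb Collection API and is not run here.
"""
import sqlite3
import time

RETENTION_DAYS = {"resume_chunk": 30, "cover_letter": 90, "feedback": 180}
SCOPE_FOR_KIND = {"resume_chunk": "persist_resume",
                  "cover_letter": "persist_generated",
                  "feedback": "persist_feedback"}

SCHEMA = """
CREATE TABLE IF NOT EXISTS consent (scope TEXT PRIMARY KEY, granted_at REAL NOT NULL);
CREATE TABLE IF NOT EXISTS artifacts (
    id INTEGER PRIMARY KEY,
    resume_id TEXT NOT NULL,
    kind TEXT NOT NULL,
    body TEXT NOT NULL,
    created_at REAL NOT NULL);
CREATE INDEX IF NOT EXISTS artifacts_resume ON artifacts (resume_id);
"""


class ConsentError(PermissionError):
    pass


class ArtifactStore:
    def __init__(self, path=":memory:", now=time.time):
        self.db = sqlite3.connect(path)
        self.now = now                      # injectable clock for tests
        self.db.executescript(SCHEMA)

    def grant(self, scope: str) -> None:
        if scope not in SCOPE_FOR_KIND.values():
            raise ValueError(f"unknown consent scope {scope!r}")
        self.db.execute("INSERT OR REPLACE INTO consent VALUES (?, ?)", (scope, self.now()))
        self.db.commit()

    def has_consent(self, scope: str) -> bool:
        return self.db.execute("SELECT 1 FROM consent WHERE scope = ?", (scope,)).fetchone() is not None

    def save(self, resume_id: str, kind: str, body: str) -> None:
        scope = SCOPE_FOR_KIND[kind]
        if not self.has_consent(scope):
            raise ConsentError(f"no consent for {scope}; refusing to persist {kind}")
        self.db.execute(
            "INSERT INTO artifacts (resume_id, kind, body, created_at) VALUES (?, ?, ?, ?)",
            (resume_id, kind, body, self.now()))
        self.db.commit()

    def purge_expired(self) -> int:
        """Delete rows older than their kind's retention window; return how many."""
        removed = 0
        for kind, days in RETENTION_DAYS.items():
            cutoff = self.now() - days * 86400
            cur = self.db.execute("DELETE FROM artifacts WHERE kind = ? AND created_at < ?",
                                  (kind, cutoff))
            removed += cur.rowcount
        self.db.commit()
        return removed

    def erase(self, resume_id: str) -> int:
        """User-initiated deletion of everything derived from one resume."""
        cur = self.db.execute("DELETE FROM artifacts WHERE resume_id = ?", (resume_id,))
        self.db.commit()
        # Assumption: the embeddings sit in a Chroma collection whose metadata carries
        # the same resume_id, so the matching call would be
        #   collection.delete(where={"resume_id": resume_id})
        return cur.rowcount

    def count(self, resume_id=None) -> int:
        if resume_id is None:
            return self.db.execute("SELECT COUNT(*) FROM artifacts").fetchone()[0]
        return self.db.execute("SELECT COUNT(*) FROM artifacts WHERE resume_id = ?",
                               (resume_id,)).fetchone()[0]
```

Run `purge_expired()` at every startup and expose `erase()` as a command; with those two in place the "retained longer than the user expects" problem becomes a documented, user-controlled window rather than indefinite storage.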

Unpinned Dependencies

Low
Category
Supply Chain
Content
chromadb>=0.4.0
sentence-transformers>=2.2.0
pdfplumber>=0.10.0
python-docx>=0.8.11
Confidence
95% confidence
Finding
chromadb>=0.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
95% confidence
Finding
sentence-transformers>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
95% confidence
Finding
pdfplumber>=0.10.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
98% confidence
Finding
python-docx>=0.8.11
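All four flagged lines give only a lower bound, so any future release of each package, including a compromised one, satisfies the install. The following is an added example, not SkillSpector's rule: it joins pip's backslash-continued lines and classifies each requirement as unconstrained, lower-bound-only, a range, or an exact pin, and counts the `--hash` values attached. The sample reproduces the four lines above plus one constructed pinned line whose version is illustrative and whose digest is a placeholder, not a real one.

```python
"""Classify requirement lines by how tightly they pin.

Added example (not SkillSpector's rule): joins pip's backslash
continuation lines, then reports for each requirement whether it is
unconstrained, lower-bound-only (as all four flagged lines are), a range,
or an exact pin, and how many --hash values accompany it. The sample's
pinned line is constructed; its digest is a placeholder, not a real one.
"""
import re

SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")
OP_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*[^,\s]+")


def classify_line(line: str):
    """One logical requirement line -> dict, or None for blanks, comments, options."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    parts = line.split("--hash=")
    spec = parts[0].strip()
    hashes = [h.strip() for h in parts[1:]]
    m = SPEC_RE.match(spec)
    if not m:
        return {"name": spec, "status": "unparsed", "hashes": len(hashes)}
    name, constraint = m.group(1), m.group(3)
    ops = OP_RE.findall(constraint)
    if not ops:
        status = "unconstrained"
    elif "==" in ops or "===" in ops:
        status = "pinned"
    elif all(op in (">=", ">") for op in ops):
        status = "lower-bound-only"
    else:
        status = "range"
    return {"name": name, "status": status, "hashes": len(hashes)}


def parse_requirements(text: str):
    """Join continuation lines, then classify each logical line."""
    logical, buf = [], ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):          # pip continuation line
            buf += stripped[:-1] + " "
            continue
        logical.append(buf + raw)
        buf = ""
    if buf:
        logical.append(buf)
    return [c for c in map(classify_line, logical) if c]


def unpinned(rows):
    """Requirements that are not an exact version with at least one hash."""
    return [r["name"] for r in rows if r["status"] != "pinned" or r["hashes"] == 0]


SAMPLE = """\
chromadb>=0.4.0
sentence-transformers>=2.2.0
pdfplumber>=0.10.0
python-docx>=0.8.11
# constructed pinned line; the version is illustrative and the digest is a placeholder
chromadb==0.4.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    rows = parse_requirements(SAMPLE)
    for r in rows:
        print(f"{r['name']:24} {r['status']:18} hashes={r['hashes']}")
    print("needs pinning:", unpinned(rows))
```

To produce the pinned form for real, `pip-compile --generate-hashes requirements.in` (from pip-tools) writes exact versions with digests, and `pip install --require-hashes -r requirements.txt` refuses any artifact whose digest does not match.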

VirusTotal

65/65 vendors flagged this skill as clean. Antivirus verdicts cover known-malicious code patterns, not the permission, privacy and agency issues listed above, so a clean VirusTotal result does not close those findings.
