Security audit

iHRFlow HR Assistant

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real HR recruiting integration, but it can change live hiring records and its safety controls are not consistently documented.

Install only if you trust the iHRFlow MCP endpoint and want an assistant to act as the configured HR user. Use a least-privilege account, protect the password and API key, avoid shared hosts unless session caching is hardened, and require explicit user confirmation before any action that publishes or closes jobs, schedules or cancels interviews, submits feedback, adds notes, recommends candidates, or changes candidate status.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The README explicitly describes authentication and access to HR/recruitment data, including usernames, passwords, tenant IDs, and API keys, but provides no warning about safeguarding credentials or handling candidate PII. In an HR context, this omission is meaningful because operators may paste real secrets into config files and use the skill against live employee/candidate records without being alerted to privacy, consent, retention, and least-privilege expectations.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The examples normalize live, state-changing actions such as advancing candidates in the hiring pipeline without warning that these operations can modify production recruitment records. In a real HR deployment, accidental or unauthorized execution could alter candidate status, trigger downstream workflows, and create compliance or fairness issues affecting actual applicants.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The manual explicitly encourages high-impact business actions such as publishing positions, advancing candidates, and modifying interview schedules without documenting confirmation prompts, approval gates, or warnings about irreversible side effects. In an agent skill with network and shell permissions that can act on live HR systems, this increases the risk of accidental or prompt-induced unauthorized state changes affecting hiring operations.

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.