ClawHub

Resume Builder

Security checks across malware telemetry and agentic risk

Overview

This resume-building skill is local-only and purpose-aligned, with minor cautions around broad triggers, local storage of personal career data, and resume examples that should not be treated as permission to invent facts.

Install only if you are comfortable storing resume details, contact information, work history, and cover letters locally under ~/.openclaw/resume-builder. Review generated resume metrics carefully and provide your own numbers; do not let example figures become claims about your background.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The skill explicitly claims it only reads and writes files under ~/.openclaw/resume-builder, yet elsewhere it instructs use of shell execution to create that directory. This creates a mismatch between declared and actual capabilities, which can mislead users and reviewers about the true execution surface and normalize unnecessary command execution.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Using shell execution to run mkdir for a resume builder is unnecessary privilege expansion because directory creation can typically be handled without invoking a shell. Any use of exec increases the attack surface and makes prompt-to-command abuse more plausible if the implementation later generalizes beyond the fixed command.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill says 'Never fabricate' but also instructs the model to 'always encourage adding numbers and metrics' and elsewhere provides invented quantified examples. In a resume context this can cause the model to generate false employment claims or performance metrics, exposing users to fraud, reputational harm, and downstream integrity issues.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The bullet enhancement examples transform vague statements into highly specific quantified claims that were not provided by the user, such as 100M+ users, 25% CTR improvements, and 99.9% uptime. This is dangerous because it trains or instructs the agent to fabricate resume content, which can materially misrepresent the user's background.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation description is extremely broad, including 'any resume/CV task,' which raises the risk of unintended activation during unrelated conversations that mention overlapping terms. Over-broad activation can expose stored personal data or trigger file reads/writes when the user did not intend to use this skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using the single word 'summary' as an activation trigger is too ambiguous because it commonly appears in many non-resume contexts. This can cause accidental skill activation and inappropriate handling of unrelated user text as resume data or commands.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrase 'export' is generic and likely to collide with unrelated requests, especially in environments where users may export many kinds of content. Accidental activation could lead to disclosure of the current resume or unintended file operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal