suspicious.prompt_injection_instructions
- Location: SECURITY.md:62
- Finding: Prompt-injection style instruction pattern detected. The matched text is not reproduced in this report, so read SECURITY.md around line 62 directly before deciding whether the pattern is an instruction aimed at the agent or merely documentation that describes one.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.prompt_injection_instructions
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Setup may install and run Playwright/Chromium locally.
- Detail: The skill relies on a user-installed external package and browser runtime even though the registry requirements list no required binaries and no install spec. This is expected for PDF generation, but the install happens outside anything the registry declares, so users should run it from a trusted environment.
- Evidence (quoted from the skill): Playwright for PDF generation (`pip3 install playwright && playwright install chromium`)
- Recommendation: Review the setup commands before running them, install Playwright into a dedicated, trusted Python environment (for example a fresh virtual environment rather than the system interpreter), and pin the Playwright version. Note that `playwright install chromium` downloads a browser build from Playwright's own distribution servers, which is a second network fetch not covered by pip's package index or by any version pin you place on the Python package.
Your resume details will be saved on disk and could be exposed through local backups, sync tools, or other users with access to the machine.
- Detail: The skill persistently stores names, contact information, work history, and other resume details for reuse across resume-building tasks.
- Evidence (quoted from the skill): Store extracted data in `data/resume-data.json` ... Resume data contains PII
- Recommendation: Keep the data directory in a protected location with owner-only permissions, keep it out of folders that backup or sync tools pick up automatically, use disk encryption where possible, and delete local resume data when it is no longer needed.
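The storage recommendation above is easy to state and easy to get wrong in practice (a file created with the default umask is usually world-readable). The following is an added example, not code from the skill, showing one way to write `data/resume-data.json` so only the owner can read it, to refuse to load a copy whose permissions have been loosened (for example after a restore from backup), and to remove the file when it is no longer needed. It assumes a POSIX filesystem that enforces mode bits; the record contents are constructed for the example.

```python
"""Owner-only storage and cleanup for resume PII (added example, not the skill's code)."""
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Path taken from the skill's documentation; the skill's own storage code is not on the page.
DATA_FILE = Path("data/resume-data.json")


def save_resume_data(path: Path, record: dict) -> None:
    """Write JSON with the directory at 0700 and the file at 0600."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.parent.chmod(0o700)
    # Pass the mode at open time so there is no window in which a freshly
    # created file is group/world readable before a later chmod.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(record, fh)
    os.chmod(path, 0o600)  # also tighten a pre-existing file that was created laxly


def permission_problems(path: Path) -> list:
    """Return a description of every group/other bit set on the file or its directory."""
    problems = []
    for target, allowed in ((path.parent, 0o700), (path, 0o600)):
        mode = stat.S_IMODE(target.stat().st_mode)
        if mode & ~allowed:
            problems.append(f"{target}: mode {mode:04o}, expected at most {allowed:04o}")
    return problems


def load_resume_data(path: Path) -> Optional[dict]:
    """Load the record, but refuse if permissions are lax: a readable copy has
    already been exposed and should be fixed or wiped, not silently reused."""
    if not path.exists():
        return None
    problems = permission_problems(path)
    if problems:
        raise PermissionError("; ".join(problems))
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def wipe_resume_data(path: Path) -> bool:
    """Overwrite then unlink. Overwriting is best-effort only (journaling
    filesystems and SSD wear levelling may keep old blocks), which is why
    disk encryption remains the real mitigation. Returns True if a file was removed."""
    if not path.exists():
        return False
    size = path.stat().st_size
    with open(path, "r+b") as fh:
        fh.write(b"\0" * size)
        fh.flush()
        os.fsync(fh.fileno())
    path.unlink()
    return True


def demo() -> dict:
    """Round-trip a constructed record through a temporary directory."""
    base = Path(tempfile.mkdtemp())
    path = base / "data" / "resume-data.json"
    record = {"name": "Example Person", "email": "person@example.com"}  # constructed sample
    save_resume_data(path, record)
    problems_fresh = permission_problems(path)
    loaded = load_resume_data(path)
    os.chmod(path, 0o644)  # simulate a lax copy, e.g. restored from a backup
    problems_lax = permission_problems(path)
    try:
        load_resume_data(path)
        refused = False
    except PermissionError:
        refused = True
    removed = wipe_resume_data(path)
    return {
        "problems_fresh": problems_fresh,
        "loaded": loaded,
        "problems_lax": problems_lax,
        "refused": refused,
        "removed": removed,
        "exists_after": path.exists(),
    }


if __name__ == "__main__":
    print(demo())
```

Run `python3 resume_store.py` (hypothetical filename) to see the round trip; `load_resume_data` raising on a 0644 copy is the check that turns the "protected location" advice into something enforced rather than hoped for.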
If you build the optional dashboard, mishandling the service role key could expose or modify cloud-stored job and resume data.
- Detail: The optional dashboard build spec introduces cloud credentials, including a high-privilege Supabase service role key, even though the core skill metadata declares no credentials. The service role key bypasses Row Level Security entirely, so anyone holding it can read and write every row in the project regardless of policy.
- Evidence (quoted from the skill): `SUPABASE_SERVICE_ROLE_KEY` (server-side only)
- Recommendation: Use the service role key only in trusted server-side code and never let it reach the browser, including through build tooling that inlines environment variables into the client bundle. Because the key bypasses RLS, policies protect only against access with the anon key; confirm RLS is enabled and the policies are correct on every table the dashboard touches before storing real resume data.
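"Never expose it to the browser" fails most often not by someone pasting the key into a script tag but by placing it in an environment variable that the front-end build inlines into the client bundle. The following is an added example, not code from the dashboard kit, that scans a `.env`-style file for that mistake. It assumes the dashboard uses a `.env` file and a build tool that exposes variables with a public prefix (`NEXT_PUBLIC_`, `VITE_`, `REACT_APP_`, `EXPO_PUBLIC_` are the assumed conventions), and that the keys are legacy Supabase JWT-format keys whose payload carries a `role` claim of `anon` or `service_role`. The sample tokens are constructed in the block with a fake signature; no real key is embedded.

```python
"""Detect a Supabase service role key headed for the client bundle (added example)."""
import base64
import json
from typing import Optional

# Assumed client-exposure conventions of common front-end build tools.
CLIENT_EXPOSED_PREFIXES = ("NEXT_PUBLIC_", "VITE_", "REACT_APP_", "EXPO_PUBLIC_")


def parse_env(text: str) -> dict:
    """Minimal .env parser: KEY=VALUE per line, '#' lines ignored, quotes stripped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def jwt_role(token: str) -> Optional[str]:
    """Return the unverified 'role' claim of a JWT-shaped string, else None.
    No signature check is done: the goal is to recognise a key, not to trust it."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    return claims.get("role") if isinstance(claims, dict) else None


def find_exposed_service_keys(env: dict) -> list:
    """Flag service_role keys under a client-exposed prefix or a misleading name."""
    findings = []
    for name, value in env.items():
        role = jwt_role(value)
        public = name.startswith(CLIENT_EXPOSED_PREFIXES)
        if role == "service_role" and public:
            findings.append(f"{name}: service_role key under a client-exposed prefix")
        elif role == "service_role" and "SERVICE_ROLE" not in name:
            findings.append(f"{name}: service_role key stored under a misleading name")
        elif public and "SERVICE_ROLE" in name:
            findings.append(f"{name}: name suggests a service role key in the client bundle")
    return findings


def make_fake_jwt(role: str) -> str:
    """Constructed token with the claim layout of a legacy Supabase key and a fake signature."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "supabase", "ref": "exampleref", "role": role, "iat": 0, "exp": 1}
    return f"{b64(header)}.{b64(claims)}.not-a-real-signature"


def demo() -> list:
    """Scan a constructed .env with one correct and one leaked placement of the key."""
    env_text = "\n".join([
        "# constructed sample, not a real configuration",
        "SUPABASE_URL=https://example.supabase.co",
        f"NEXT_PUBLIC_SUPABASE_ANON_KEY={make_fake_jwt('anon')}",
        "# correct: server-side only, no public prefix",
        f"SUPABASE_SERVICE_ROLE_KEY={make_fake_jwt('service_role')}",
        "# wrong: the build tool will inline this into the browser bundle",
        f"NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY={make_fake_jwt('service_role')}",
    ])
    return find_exposed_service_keys(parse_env(env_text))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run this against the dashboard's `.env` before the first deploy and again whenever the variable names change; the role-claim check catches the case where the key is copied under a harmless-looking name such as an anon key variable, which a name-only grep would miss.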
Users may believe every feature is fully local when optional features can involve web or cloud services.
- Detail: These absolute privacy assurances are broader than the rest of the package, which also documents user-requested web_search/web_fetch salary research and an optional Supabase/Vercel dashboard, both of which send data off the machine.
- Evidence (quoted from the skill): No data exfiltration — Your resume data never leaves your machine ... No external API calls — Everything runs locally
- Recommendation: Treat the local-only claim as applying to the core resume/PDF workflow only, and require an explicit confirmation before enabling salary web research or the dashboard kit, since each of those moves resume-derived data to a third party.