Cruit Candidate

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its recruiting-profile purpose, but it can pull new operating instructions from Cruit on every run, so its reviewed behavior can change after installation.

Review before installing. The profile workflow is mostly consent-based, but only install if you are comfortable with the skill using live, changeable instructions from Cruit, storing a local access token, and sending approved resume/project profile facts to Cruit's servers. Prefer a pinned or marketplace-reviewed update path if available, and remove ~/.cruit/credentials.json if you want to clear the saved session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The skill instructs the agent to fetch and prefer externally hosted instructions on every run, even though the local skill appears to be a bounded profile-management tool. This creates an external control channel that can silently change behavior after review, defeating static inspection of the shipped skill file.

Context-Inappropriate Capability

High (97% confidence)
Finding
A self-updating instruction source is effectively remote code/instruction execution for an agent, because the operational logic can be replaced on every run by whatever is served at the hosted URL. If that endpoint is compromised or changed unexpectedly, the skill could be repurposed to exfiltrate data, expand scope, or install persistence without the originally reviewed safeguards.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs the agent to submit a structured profile containing resume-derived and project-derived facts to a remote API, but the user-facing publishing prompt emphasizes approval of facts rather than clearly warning that this data will be transmitted to an external service. Although consent to publish is requested, the lack of an explicit external-transmission/privacy notice can lead users to approve disclosure without understanding the destination and scope of data sharing.

Missing User Warnings

Medium (93% confidence)
Finding
The skill writes an access token to ~/.cruit/credentials.json for session reuse, but it does not tell the user in advance that a bearer token will be stored locally on disk. Even with user-only file permissions, undisclosed token persistence increases the risk of surprise credential retention, especially on shared machines or systems with weak endpoint security.

VirusTotal

VirusTotal findings are pending for this skill version.
