Cruit Recruiter

Security checks across malware telemetry and agentic risk

Overview

This is a coherent recruiter-search skill with clear approval gates, though users should understand it stores a local token and fetches current instructions from Cruit.

Install only if you trust Cruit and are comfortable with an API-backed recruiting skill that stores a local access token, reads only the company files you approve, and fetches current instructions from cruit.dev. Do not use a custom installer origin unless you control it, and revoke or delete ~/.cruit/credentials.json if you stop using the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill’s manifest presents a recruiter search/messaging tool, but the instructions also authorize reading local filesystem content and persisting summaries. That expands the data-access scope beyond what many users would reasonably expect from the description, creating a risk of over-collection of sensitive internal company information if approvals are vague or overly broad.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
Requiring a live fetch of remote instructions on every run creates a dynamic trust boundary that is not disclosed in the manifest description. Even though the host is pinned, this allows behavior changes after installation and exposes users to supply-chain risk if the remote content is compromised or altered unexpectedly.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The installer allows the download origin to be overridden via --site-base / CRUIT_SITE_BASE and then fetches SKILL.md and INSTRUCTIONS.md without pinning the host, enforcing HTTPS-only, or verifying content integrity. That means a user can be tricked into installing attacker-controlled skill instructions, which is especially risky because skills influence downstream agent behavior and may cause unsafe actions later.

Session Persistence

Medium
Category
Rogue Agent
Content (excerpt from the skill's instructions, as scanned)
   ```json
   { "access_token": "...", "apiBase": "https://cruit.dev" }
   ```

   to `CRED_PATH`. Create `~/.cruit/` if needed and use user-only file permissions.

   ### STEP 3 — Check recruiter access
Confidence
88% confidence
Finding
Create `~/.cruit

VirusTotal

63/63 vendors flagged this skill as clean.
