TalentHR

Security checks across malware telemetry and agentic risk

Overview

The skill exposes a sensitive TalentHR role-changing action, while its main description frames the skill as being for searching and reading data.

Install only if you expect this skill to make TalentHR administrative changes, not just read TalentHR data. Use it with an account whose permissions are limited to the intended HR tasks, require explicit confirmation before every role change, inspect the live schema before sending payloads, and prefer a verified oo CLI installation path instead of piping a remote script directly into a shell.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata and top-level description claim this skill is for 'searching and reading data,' but the documented action changes an employee's role, which is a privileged state-changing operation. This mismatch can cause an agent or user to invoke the skill under a false assumption of read-only behavior, increasing the risk of unintended privilege changes in TalentHR.

Intent-Code Divergence

High
Confidence: 97%
Finding
The purpose statement says TalentHR requests are for 'searching and reading data,' yet the body documents a role-changing action. This contradictory guidance is dangerous because downstream agents may trust the high-level description and execute a sensitive write operation without the additional scrutiny normally applied to access-control changes.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill metadata says it should be used for 'searching and reading data,' but this action performs a privileged state-changing operation by modifying an employee's role. That mismatch can mislead users or upstream agents into invoking the skill in contexts assumed to be read-only, increasing the chance of unauthorized privilege changes or accidental escalation.

Vague Triggers

Medium
Confidence: 85%
Finding
The activation text says to use this skill for ANY TalentHR request, which is overly broad and may trigger the skill for unrelated or low-risk mentions of TalentHR. In combination with a state-changing action, broad routing increases the chance that an agent selects this skill inappropriately and reaches a dangerous operation path.

External Script Fetching

High
Category: Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

Confidence: 94%
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.
