Back to skill

Security audit

Openjobs People Match

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OpenJobs AI integration, but users should treat CVs, LinkedIn URLs, job descriptions, and the API key as sensitive before using it.

Install only if you trust OpenJobs AI/Mira with candidate information and your API key. Confirm you are authorized to submit CVs, LinkedIn URLs, and job descriptions to that provider, minimize unnecessary personal data, and check for the key without printing its full value.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to send highly sensitive candidate data—CV contents, job descriptions, and LinkedIn URLs—to a third-party API, but it does not require explicit user consent, data minimization, or any privacy notice about retention, processing, or sharing. In a hiring context this can expose personal data and potentially confidential recruiting information to an external service without adequate transparency or safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.