ClawHub

Backend Interview Simulator

Security checks across malware telemetry and agentic risk

Overview

This is a local backend interview practice skill that stores progress and optional CV-derived notes on the user's machine without external calls.

Install this if you are comfortable with local interview history and summarized CV details being saved in ~/.openclaw/backend-interview-simulator/. Avoid providing CV content you do not want retained in derived form, and clear that directory if you want to remove saved state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The skill promises not to store raw CV text, but it explicitly persists CV-derived project data in profile.json via cv_projects. Free-text project descriptions can contain sensitive resume content, proprietary details, employer names, dates, and other personal data, so this creates a privacy mismatch and potential over-collection issue. In this context the danger is moderate because data remains local, but the policy contradiction can mislead users about what is retained.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation criteria are broad enough to match generic interview-help requests, which can cause the wrong skill to activate and process user input outside its intended backend-only scope. This is primarily a routing and scope-control issue rather than a direct security exploit, but it can lead to unintended file reads, writes, or persistence when another skill should have handled the request. The backend-only context slightly reduces risk, yet the trigger language still lacks clear boundaries.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Treating any CV/resume mention or file path as an activation trigger is overly permissive and can cause the skill to ingest sensitive personal documents even when the user did not clearly ask for backend-interview assistance. Because the skill has read/write capabilities and stores extracted profile data, accidental activation increases privacy risk. The local-only design lowers severity, but CVs are highly sensitive and deserve explicit consent and narrower triggering.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal