Security audit

Developer Interview Simulator

Security checks across malware telemetry and agentic risk

Overview

This is a local developer interview practice skill that stores interview progress and optional CV-derived details on the user’s machine.

Install if you are comfortable with local interview-practice files being created under ~/.openclaw/developer-interview-simulator. Avoid providing a sensitive CV unless you want derived profile details used for tailoring, and review or delete that folder if you want to reset stored data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill processes resumes/CVs and maps extracted data into persistent local profile storage without requiring a clear upfront consent step before collection and retention. Because CVs often contain sensitive personal and employment data, implicit ingestion and storage increases privacy risk, especially if the user expected one-time analysis rather than persistent profiling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.