Liepin V4 Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a recruiting automation that can contact candidates and store resume/contact data, but its headline description understates that high-impact behavior.

Review carefully before installing. Use only with an authorized Liepin recruiting account and a lawful basis for processing candidate data. Expect the skill to automate candidate contact, read authenticated candidate pages, and store resume text, screenshots, phone numbers, and progress data locally in plaintext. Prefer a test account and do not run it until auto-outreach, retention, deletion, and data-protection rules are acceptable for your organization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The skill metadata frames the capability as job-search scraping, but the body describes broader candidate sourcing activities including resume collection, screenshots, text extraction, contact data handling, and downstream recruiting actions. This mismatch is dangerous because it conceals the true scope of data access and automation, increasing the risk that operators or reviewers enable a skill that performs privacy-sensitive actions beyond what was disclosed.

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The documentation presents the skill as performing position search, while the detailed sections describe candidate resume scraping and recruiting workflow support. This intent inconsistency can mislead deployment and review decisions, causing a tool with access to personal candidate data to be treated as a lower-risk search utility.

Context-Inappropriate Capability

High

Confidence: 93% confidence
Finding: Documenting automatic outreach to high-match candidates expands the skill from passive retrieval into active interaction, which is materially different from the declared search-and-scrape scope. That creates risk of unauthorized communications, abuse of platform accounts, and unreviewed automated actions performed under a user's authenticated session.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The skill metadata and header describe job search/scraping, but the code also automates candidate outreach and IM reply handling. This is a scope-deception issue: operators may grant access expecting passive retrieval, while the script performs active interactions with third parties using the user's account.

Description-Behavior Mismatch

High

Confidence: 96% confidence
Finding: The declared purpose is position retrieval, but the implementation processes resumes, extracts candidate attributes, captures screenshots, and stores structured candidate records. This hidden expansion from search to personal-data processing increases privacy and compliance risk because users may not realize the tool is collecting and persisting sensitive candidate information.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly stores resumes, screenshots, DOM-extracted text, and contact information, all of which may contain sensitive personal data, but provides no user-facing privacy, retention, consent, or handling warning. In this context, the omission is especially dangerous because the skill is aimed at bulk candidate collection, making large-scale privacy violations and insecure local storage more likely.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: Although the environment section mentions that a valid Liepin login state may be needed, it does not clearly warn users that authenticated access is required and will be used to access candidate data. This matters because users may unknowingly run the skill with privileged session cookies, exposing private account-scoped data to automation they believe is only performing public job search.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The script automatically clicks '立即沟通', selects a job, confirms, and later checks candidate replies, all without interactive approval at the moment of action. In a recruiting context this can send unintended outreach, create legal/compliance exposure, and misuse the operator's authenticated account to contact third parties.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The code captures full resume text and screenshots and saves them to local files, which likely contain sensitive personal information. Storing raw candidate resumes without clear disclosure, retention controls, or protection increases the risk of privacy violations, unauthorized access, and accidental leakage from the local filesystem.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The script extracts phone numbers from resume/IM content and persists them into CSV and progress files. Phone numbers are sensitive personal data, and saving them in plain local artifacts without explicit consent, minimization, or protection creates substantial privacy, compliance, and data-handling risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal