ClawHub

Remote Job Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is a job-search tool, but it ships real auto-apply code that can send resumes and application data externally while the documentation is inconsistent about that capability.

Review this carefully before installing. Use it only in dry-run or report-only mode unless you are comfortable with automated applications, resume uploads, SMTP/LinkedIn account use, and local storage of tailored resumes and application logs. The publisher should align the README and SKILL.md, add explicit per-job approval before submission, disclose all outbound data flows, and provide cleanup and retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The README front-matter advertises automatic job application, while the body states the auto-apply engine is not in the current release. This mismatch can mislead users or orchestrators about what actions the skill may take, creating unsafe expectations around autonomous external interactions and consent-sensitive behavior.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The security section claims that all data is written locally and nothing is sent externally, but the README also describes outbound job-board API access and WhatsApp summaries. This is a materially false security/privacy representation that may cause users to share resumes and job-match data without understanding that third parties and external services are involved.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The LinkedIn flow blindly checks the first available radio options while the comment claims it is answering questions as 'Yes'. On job applications, radio questions often include legal eligibility, sponsorship, criminal history, relocation, or policy attestations, so selecting arbitrary answers can submit false statements on the user's behalf.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases and invocation scope are very broad, covering generic job-search and resume-related requests. In agent ecosystems, overly broad activation increases the chance the skill runs in contexts the user did not intend, exposing resume data or causing external actions without sufficiently specific confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes WhatsApp summaries of resume-matched results without clearly warning that job matches, skill gaps, and potentially resume-derived information may be transmitted through an external messaging platform. That omission can lead to unintended disclosure of sensitive employment and profile data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The daily WhatsApp workflow instructs the agent to read the report and send top matches and skill gaps externally, but it provides no user warning or consent checkpoint for transmitting report contents. Because the report is derived from the user's resume and preferences, this creates a real privacy risk through unannounced third-party sharing.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Broad language like automatically finding and applying daily, without clear trigger boundaries, can cause the skill to run or be invoked in situations the user did not specifically authorize. For a skill that can submit applications and contact external services, ambiguous invocation scope increases the chance of spammy, repeated, or unintended actions affecting the user's accounts and reputation.

Missing User Warnings

High
Confidence
93% confidence
Finding
The description omits a clear warning that the skill may automatically apply to jobs and share user data externally with employers, ATS platforms, email recipients, and messaging channels. Because resumes, tailored application content, and possibly credentials are involved, this omission materially increases privacy, consent, and compliance risk in a context where users may not expect broad outbound data flows.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The keyword list in this range contains several highly generic terms such as common programming languages, cloud providers, databases, and workflow terms that are widely present across many unrelated job postings. In a skill that automatically searches, scores, and auto-applies to jobs, overly broad triggers can cause unintended activation, misclassification, and automated applications to irrelevant roles, increasing the chance of spammy or harmful actions at scale.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The phrase list and title keywords are broad enough to match loosely related or non-target roles, such as generic 'qa', 'quality', 'test', or manual-testing terms. In this skill's context, overbroad matching is security-relevant because the agent automatically scores and applies to jobs, so false matches can trigger unintended applications, resume submission, and downstream automation on external sites.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The orchestrator automatically submits applications and emails to external recipients once threshold and skip logic pass, with no hard confirmation at the submission point. Because the skill handles resumes, contact details, and tailored cover letters, a bad job feed, misclassification, or malicious posting could cause unintended disclosure of sensitive personal data to third parties.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill writes a WhatsApp preview message derived from job matches and user profile context to disk in a predictable local path without explicit consent, access controls, or minimization. In a job-hunting skill handling personal career data, this increases the chance of unintended disclosure to other local users, backup systems, synced folders, or later processes that read stale sensitive content.

Natural-Language Policy Violations

High
Confidence
95% confidence
Finding
The hard-coded exclusion list silently filters out jobs based on geography, work-authorization, and clearance-related phrases without user opt-in or clear documentation. In a job-application automation skill, this can materially alter opportunities presented to the user, embed opaque policy decisions, and create discriminatory or unfair outcomes that the user may never notice.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill processes highly sensitive personal data from resumes and writes tailored outputs to disk by default without explicit user notice, consent flow, retention controls, or secure file handling. In the context of an auto-job-application skill that runs daily and may generate many resume variants, this increases privacy exposure through unintended local persistence, backup sync, shared-machine disclosure, or later compromise of stored files.

Known Vulnerable Dependency: pymupdf — 1 advisory(ies): CVE-2026-3029 (PyMuPDF has a path traversal in _main_.py)

Low
Category
Supply Chain
Confidence
96% confidence
Finding
pymupdf

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal