ClawHub

CN Resume Optimizer 简历优化师

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese resume and interview coaching skill with no code execution, install hooks, persistence, credential use, or hidden data movement.

Use this skill if you want Chinese-language resume, job-search, and interview help. Because resumes can contain sensitive personal and employer information, share only details you are comfortable giving to the agent or connected service, and consider removing unnecessary identifiers such as exact address, ID numbers, marital status, or confidential company data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains broad everyday job-seeking phrases such as “求职”, “写简历”, and “面试准备”, which can cause the skill to activate in contexts where the user did not explicitly request this skill. Over-broad activation can route unrelated conversations into the skill, increasing the chance of unintended processing of personal resume or employment data and reducing reliability of skill selection.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill is framed as Chinese-language operation without giving the user a language choice, which can cause responses in an unexpected language and mis-handle user-provided content if the conversation is in another language. This is mainly a safety and usability issue rather than a direct security exploit, but it can still lead to misunderstanding of sensitive resume or interview content.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal