Find Job UK

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Gumtree job-search helper with minor scope drift, but no evidence of credential access, data exfiltration, destructive behavior, or hidden persistence.

Install only if you are comfortable with bb-browser and the copied Gumtree helper scripts. Use the documented jobs category or a job subcategory every time, and pass only Gumtree listing URLs to the listing command. Search terms and locations are sent to Gumtree.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The implementation exposes a general Gumtree classifieds search while the surrounding skill is described as jobs-focused. That mismatch can let downstream agents or users retrieve unrelated categories if category inputs are broadened or omitted, undermining safety and policy assumptions built around a jobs-only workflow. In this context, the issue is more dangerous because higher-level tooling may trust the manifest and skip category validation, leading to unintended browsing of non-job content.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal