Job Hunter

Security checks across malware telemetry and agentic risk

Overview

The skill’s job-search purpose is coherent, but one included helper script can execute local Python code from crafted job-search input, so it should be reviewed before use.

Review before installing. The skill appears intended for normal job-search assistance and does not show hidden exfiltration or destructive behavior, but avoid running scripts/search_jobs.sh until it is patched to pass values safely to Python and validate numeric options. Keep generated profile and tracker files in a private workspace, and only set BRAVE_API_KEY if you intend the script to query Brave Search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill invokes network access (`web_search`) and shell commands (`bash`, `python3`, scripts) but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host may expose external connectivity or command execution without users or reviewers being explicitly warned, increasing the chance of unintended data exposure or unsafe command execution in a skill that processes user profile data.

Missing User Warnings

Low
Confidence: 97%
Finding
The script interpolates user-controlled ROLE and LOCATION values directly into a JSON document and URL/query strings without JSON escaping or structural validation. An attacker can supply quotes, backslashes, newlines, or JSON fragments that break the output format or inject additional fields, which is dangerous if downstream agent components parse this JSON and act on modified search queries or fetch targets.

VirusTotal

65/65 vendors flagged this skill as clean.
