AI Product Manager Resume Maintenance (AI产品经理简历维护)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local resume helper whose file creation and export behavior fits its purpose, with no concrete evidence of theft, deception, or destructive actions.

Install only if you want a local resume workspace that creates and exports files. Keep the workspace private, avoid storing secrets, review generated HTML/PDF outputs and any CDN references before sharing, and confirm before running export scripts on sensitive resume data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88%
Finding
The skill performs file reads and writes across a fixed workspace but does not declare permissions or present a clear permission boundary. This weakens auditability and user consent, making it easier for a skill to modify local data unexpectedly or for reviewers to underestimate its filesystem access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94%
Finding
The declared description focuses on resume maintenance, but the skill also generates HTML/PDF via local scripts and the analysis indicates CDN-loaded frontend libraries are involved. That expands the attack surface beyond simple document processing into code execution and potentially network-dependent rendering, which can expose local content or introduce supply-chain risk not obvious from the description.

Missing User Warnings

Medium
Confidence
90%
Finding
The skill automatically creates directories and writes multiple files in a local workspace without an upfront explicit warning to the user. This can lead to silent persistence of sensitive resume/worklog content and unexpected modification of local files, which is risky in an agent setting where users may assume chat-only behavior.

Missing User Warnings

Medium
Confidence
92%
Finding
The visualize/export flows invoke local Python scripts without an explicit execution warning or trust boundary. Script execution is materially riskier than plain markdown manipulation because it can perform arbitrary local actions, process untrusted content, and in this case may interact with HTML rendering and external assets.

VirusTotal

65/65 vendors flagged this skill as clean.
