Recruiting Resume Screening

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does legitimate resume screening, but its re-screening workflow tells the agent to search local history and caches for prior resumes, which can expose sensitive files beyond the current request.

Install only if you are comfortable with the agent looking for prior resume and JD files in local history, Downloads, cache, or temporary directories during re-screening. A safer version should require you to re-upload files or explicitly approve a recovered file list before any historical materials are opened. VirusTotal and the static scan were clean, and I did not find evidence of malicious exfiltration or destructive behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill explicitly instructs the agent to recover prior materials by searching conversation history, local notes, Downloads, and attachment cache directories outside the files provided in the current request. That expands data access beyond the user's present batch and can expose unrelated historical resumes, JDs, or other local files, creating a clear scope-bypass and privacy risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guidance tells the agent to search local caches and common directories for historical attachments without any user-facing notice, confirmation step, or restriction to a narrowly scoped file list. Even if intended for convenience, this can lead to accidental access to unrelated files belonging to the same or another task, violating least-privilege expectations.

Ssd 3

High
Confidence: 98%
Finding
The re-evaluation workflow directs the agent to recover prior-session materials from historical notes and local cache locations, then filter and match files against previous candidate names and JD metadata. In the context of resume screening, this is especially dangerous because the data is highly sensitive PII/employment information, and the instruction normalizes cross-session access to historical files beyond the current request scope.

VirusTotal

63/63 vendors flagged this skill as clean.
