ClawHub

boss-job

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible job-search helper, but it can use a logged-in Chrome session to read private BOSS直聘 chats and send real messages from the user’s account through external tooling not included in the reviewed artifact.

Install only if you trust the referenced OpenCLI package, Chrome extension, and GitHub plugin. Use a separate Chrome profile if possible, and manually verify the job, recruiter or chat ID, and exact message text before allowing `greet` or `send` to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports sending greetings and chat messages using the user's authenticated BOSS直聘 session, but it does not warn that these actions cause real outbound communication and account activity. This is dangerous because a user or higher-level agent could invoke the skill assuming it is informational, resulting in unintended contact with recruiters, spam-like behavior, or reputational/account consequences.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow section normalizes a sequence of searching, viewing details, and then contacting recruiters or replying to messages, but omits any safety notice that these are live actions against the user's account. In context, the plugin reuses Chrome login state, which makes the risk more concrete because any agent following the workflow can immediately message third parties without additional authentication barriers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal