ClawHub

Jd Interview Prep Helper

Security checks across malware telemetry and agentic risk

Overview

This is a coherent interview-preparation helper that uses search, reading a provided JD, and saving a markdown guide in ways that match its stated purpose.

Install this if you want structured interview-prep output for a role or company. Before using it, avoid providing confidential recruiter messages or private JD details unless you are comfortable with the agent reading them, and ask the agent to keep results inline or avoid web search when the interview context is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description says to use this skill whenever the user asks about interview prep, mentions a specific company and JD, or wants to prepare for a technical interview. That scope is broad enough to capture generic interview-help requests and may cause unintended invocation over more appropriate or narrower skills, increasing the chance of irrelevant web research or file-writing behavior being triggered without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'When to Use' section lists activation conditions like 'user mentions interview preparation' and 'asks about what to study for a specific interview' without defining boundaries. In an agent environment, ambiguous routing criteria can lead to over-triggering, causing unnecessary tool use, overcollection of company data, or outputs that do not match the user's actual request.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to save the preparation guide to a file with a specific naming convention, but it does not require notifying the user or obtaining consent before writing. Silent file creation is risky because it can surprise users, overwrite existing work, or persist sensitive job-search information locally without the user's awareness.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description contains broad activation directives such as using the skill whenever the user asks about interview prep, mentions a specific company and JD, or wants technical interview preparation. This can cause over-triggering on ordinary conversation, leading the agent to invoke web/search/read/write-capable tooling unnecessarily and expand the skill's influence beyond clearly scoped user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal