ClawHub

Human Resources - Claude HR plugin as a skill

Security checks across malware telemetry and agentic risk

Overview

This HR skill is not malicious, but it should be reviewed carefully because it can auto-activate around sensitive HR topics and encourages access to employee, candidate, compensation, chat, calendar, and email systems without clear consent or privacy controls.

Install only if you are comfortable treating this as a high-sensitivity HR assistant. Before connecting HRIS, ATS, compensation, email, chat, or calendar systems, restrict scopes, require explicit user confirmation before retrieving or sharing person-specific records, avoid broad auto-use in casual conversations, and review the remote sub-skills fetched by setup.sh because they are not pinned in this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states that some sub-skills trigger automatically 'when the topic comes up,' which creates ambiguous activation boundaries for a high-sensitivity HR skill. In an environment where the agent has access to HRIS, ATS, compensation, or employee records, broad auto-invocation can cause the skill to engage during ordinary discussion and pull or reason over sensitive personnel data without sufficiently explicit user intent.

Vague Triggers

High
Confidence
97% confidence
Finding
The label 'Anything HR-Related (Auto-Triggered)' is excessively broad for a domain involving highly sensitive employee, recruiting, and compensation information. This increases the chance that common workplace questions are interpreted as authorization to activate the skill, potentially exposing private data, producing sensitive inferences, or initiating actions inappropriately.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README encourages connecting HRIS, ATS, compensation, chat, calendar, and email systems to enrich HR workflows but provides no privacy, authorization, data-minimization, or retention guidance. Because these systems commonly contain PII, compensation data, candidate records, and performance information, missing safeguards can lead to over-collection, unauthorized access, or accidental disclosure in responses and reports.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal