
Security audit

AgentHire

Security checks across malware telemetry and agentic risk

Overview

AgentHire is a disclosed hiring automation skill, but it gives agents broad authority over real job applications, interviews, offers, employer actions, credentials, and payment-related workflows without consistently clear approval boundaries.

Review carefully before installing. Use it only if you trust AgentHire and the npm MCP package, store the API key in a secure credential mechanism, and require explicit approval for registration, applications, interview answers, offer responses, employer messages, job postings, negotiations, and crypto deposit or payment steps. Set daily limits, allowlists, salary bounds, expiration dates, and audit checks before enabling any autonomous mode.
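One way to enforce the approval boundaries and limits recommended above (and the auto-apply thresholds flagged in the work-loop finding further down this page) is to put every tool call through a policy gate before it reaches the MCP package. The code below is an added example, not AgentHire's or the MCP package's own code: the tool names, argument shapes and Policy fields are assumptions chosen to match the audit's recommendations, and the real tool set is not shown on this page.

```python
"""Approval gate for a hiring agent's tool calls.

Added example, not AgentHire's or the MCP package's code. Tool names,
argument shapes and Policy fields are assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import date
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"             # read-only: run without asking
    NEEDS_APPROVAL = "approve"  # third-party side effect: a human must confirm
    DENY = "deny"               # outside policy: never runs, even if approved


# Assumed tool names; the skill's real MCP tool set is not on the page.
READ_ONLY = {"search_jobs", "get_profile", "list_applications"}
CONSEQUENTIAL = {
    "register_agent", "apply_to_job", "answer_interview", "respond_to_offer",
    "message_employer", "post_job", "negotiate_salary", "crypto_deposit",
}


@dataclass
class Policy:
    employer_allowlist: frozenset
    max_applies_per_day: int
    salary_min: int
    salary_max: int
    expires: date
    applies: dict = field(default_factory=dict)  # date -> approved applications
    audit: list = field(default_factory=list)    # (date, tool, reason, executed)


def decide(policy: Policy, call: dict, today: date) -> tuple:
    """Classify one tool call. Anything not explicitly listed is denied."""
    tool, args = call["tool"], call.get("args", {})
    if today > policy.expires:
        return Decision.DENY, "policy expired; re-authorize before any autonomous run"
    if tool in READ_ONLY:
        return Decision.ALLOW, "read-only"
    if tool not in CONSEQUENTIAL:
        return Decision.DENY, f"unknown tool {tool!r}"
    if tool == "apply_to_job":
        if args.get("employer") not in policy.employer_allowlist:
            return Decision.DENY, "employer not on allowlist"
        if policy.applies.get(today, 0) >= policy.max_applies_per_day:
            return Decision.DENY, "daily application limit reached"
    if tool in {"apply_to_job", "negotiate_salary", "respond_to_offer"}:
        salary = args.get("salary")
        if salary is not None and not policy.salary_min <= salary <= policy.salary_max:
            return Decision.DENY, "salary outside configured bounds"
    return Decision.NEEDS_APPROVAL, "consequential external action"


def run_with_gate(policy: Policy, call: dict, today: date, approve, execute) -> bool:
    """approve(call, reason) asks the human; execute(call) performs the real action.
    Returns True only if the call actually ran. Every decision is logged."""
    decision, reason = decide(policy, call, today)
    executed = decision is Decision.ALLOW
    if decision is Decision.NEEDS_APPROVAL:
        if approve(call, reason):
            executed = True
            if call["tool"] == "apply_to_job":  # count only approved, executed applies
                policy.applies[today] = policy.applies.get(today, 0) + 1
        else:
            reason = "declined by user"
    if executed:
        execute(call)
    policy.audit.append((today.isoformat(), call["tool"], reason, executed))
    return executed


def demo() -> dict:
    """Constructed calls against a sample policy; returns what ran and why."""
    policy = Policy(frozenset({"acme"}), max_applies_per_day=2,
                    salary_min=90_000, salary_max=140_000, expires=date(2030, 1, 1))
    today = date(2029, 6, 1)
    calls = [
        {"tool": "search_jobs", "args": {"q": "security engineer"}},
        {"tool": "apply_to_job", "args": {"employer": "acme", "salary": 100_000}},
        {"tool": "apply_to_job", "args": {"employer": "unknown-corp", "salary": 100_000}},
        {"tool": "apply_to_job", "args": {"employer": "acme", "salary": 200_000}},
        {"tool": "apply_to_job", "args": {"employer": "acme", "salary": 120_000}},
        {"tool": "apply_to_job", "args": {"employer": "acme", "salary": 110_000}},  # 3rd today
        {"tool": "crypto_deposit", "args": {"amount": 50}},  # human declines below
    ]

    def approver(call, reason):  # stands in for an interactive prompt
        return call["tool"] != "crypto_deposit"

    executed = [run_with_gate(policy, c, today, approver, lambda c: None) for c in calls]
    return {"executed": executed, "reasons": [entry[2] for entry in policy.audit]}


if __name__ == "__main__":
    print(demo())
```

The gate denies before it asks: an application outside the allowlist, above the daily limit or outside the salary bounds never reaches the approval prompt, so a tired user cannot approve it by reflex, and every decision lands in the audit list whether or not it ran.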

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly encourages an AI agent to apply to jobs and complete interviews on the user's behalf, but it does not prominently warn that the agent will transmit user-provided profile data and generate communications representing the user to third parties. In a hiring context, this can cause unauthorized submissions, misrepresentation, privacy exposure, and reputational harm if the agent acts without clear informed consent and review boundaries.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The employer workflow describes autonomous review, interviewing, and offer handling, but does not clearly warn that the agent may contact candidates, evaluate them, and send consequential employment communications on the employer's behalf. This is dangerous because automated candidate-facing actions can create legal, compliance, fairness, and reputational risks if users are not clearly informed about the scope and limits of delegation.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README promotes autonomous job application, interviewing, and salary negotiation without prominent warnings about consent boundaries, accuracy limits, misrepresentation risk, or legal/employment consequences. Because these are high-impact external actions performed on a user's behalf, insufficient disclosure can lead to unauthorized submissions, false statements to employers, reputational harm, and contractual or regulatory issues.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The employer-side documentation describes automated screening, interview scoring, and offer handling without adequate warnings about bias, fairness, legal compliance, and the risks of delegating employment decisions to an AI agent. In hiring contexts, these actions can materially affect candidates and expose operators to discrimination, compliance, and reputational risks if not constrained and reviewed.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill describes an autonomous mode where an external agent can search, apply, and handle parts of hiring workflows on the user's behalf, but it does not present a strong, repeated consent warning at the point of use. In a real hiring context, silent or poorly signposted autonomous applications can create unauthorized submissions, reputational harm, and unintended commitments.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to register a new agent when no API key is provided, which can cause the assistant to create a new platform identity on the user's behalf without explicit authorization. Creating accounts or agent identities is a consequential external action that can misrepresent the user, generate unwanted records, and potentially violate user expectations or platform policy.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The recommended work loop includes thresholds for automatically applying to matched jobs, but it lacks a prominent warning that these are real submissions to real employers. This creates a meaningful risk of unauthorized job applications, spam-like behavior, and reputational or employment consequences for the user.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The example conversation tells the user to paste their API key into chat, which encourages disclosure of a bearer credential through a conversational channel. If chat logs are retained, shared, or exposed to tools/plugins, the credential could be reused to act as the candidate or employer account.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The authentication guidance says users can pass the key directly, normalizing insecure handling of bearer tokens. Because these keys authorize sensitive account actions, exposing them in chat or ad hoc command arguments increases the chance of leakage via logs, transcripts, shell history, or intermediary tooling.

VirusTotal

0/64 VirusTotal vendors flagged this skill; all 64 reported it clean. A clean antivirus result speaks only to known malware signatures and says nothing about the excessive-agency and credential-handling findings above, which are design issues rather than malicious code.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:210

Before treating this as a live leak, check whether the literal at SKILL.md:210 is a real credential or a placeholder key in the example conversation the findings above describe. A placeholder still normalizes pasting bearer tokens into chat; a live key needs to be revoked and rotated, not just removed from the file.
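The two credential findings (a bearer key pasted into chat) and the exposed_secret_literal detection above share one underlying check: find a credential-looking literal, decide whether it is a placeholder or a real key, and keep real keys out of transcripts and files. The scanner below is an added example, not SkillSpector's or the static analyzer's implementation. The page does not document AgentHire's key format or the analyzer's rules, so the token shape, context words and entropy threshold are assumed heuristics, and the SKILL.md lines and chat message are constructed samples, not the real file.

```python
"""Secret-literal scanner and chat redactor.

Added example, not AgentHire's or SkillSpector's code. Token shape, context
words and the entropy cutoff are assumed heuristics; sample inputs are constructed.
"""
import math
import re
from collections import Counter

# Assumed key shape: 24+ url-safe characters not embedded in a longer word.
TOKEN_RE = re.compile(r"(?<![\w-])[A-Za-z0-9_\-]{24,}(?![\w-])")
# Words that mark a line or message as credential context.
KEY_CONTEXT_RE = re.compile(r"api[_\- ]?key|\bkey\b|token|secret|bearer|authorization", re.I)
# Placeholder markers as whole segments (so "_YOUR_" counts but "my" inside random text does not).
PLACEHOLDER_RE = re.compile(
    r"(?:^|[_\-])(?:your|my|example|placeholder|changeme)(?:[_\-]|$)|x{4,}", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys sit well above 3, padding strings far below."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def classify(token: str) -> str:
    if PLACEHOLDER_RE.search(token):
        return "placeholder"
    if shannon_entropy(token) < 3.0:  # assumed cutoff, e.g. "ah_live_aaaaaaaaaaaaaaaaaaaaaaaa"
        return "low_entropy"
    return "likely_secret"


def scan_lines(lines) -> list:
    """Emulates an exposed_secret_literal check: credential context plus a token on one line."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not KEY_CONTEXT_RE.search(line):
            continue
        for m in TOKEN_RE.finditer(line):
            findings.append({"line": n, "token": m.group(), "class": classify(m.group())})
    return findings


def redact(text: str) -> str:
    """What should reach transcripts and logs: real keys replaced, last four kept for correlation."""
    def sub(m):
        t = m.group()
        return t if classify(t) != "likely_secret" else f"[REDACTED...{t[-4:]}]"
    return TOKEN_RE.sub(sub, text)


def reject_pasted_key(message: str) -> bool:
    """True when a user message carries a live-looking key; the agent should refuse it
    and point the user at an environment variable or OS keyring instead."""
    if not KEY_CONTEXT_RE.search(message):
        return False
    return any(classify(t) == "likely_secret" for t in TOKEN_RE.findall(message))


# Constructed SKILL.md fragment (not the real file): one live-looking key, one placeholder.
SAMPLE_SKILL_MD = [
    "# AgentHire",
    "Set AGENTHIRE_API_KEY in your environment.",
    "Example: paste your API key like `ah_live_9f3kT7vQ2mXp8LzN4wRb6YcJ1dHs5eGa`",
    "Or use the placeholder `ah_live_YOUR_API_KEY_HERE`",
]
# Constructed chat turn of the kind the credential findings warn about.
SAMPLE_CHAT = "here is my key: ah_live_9f3kT7vQ2mXp8LzN4wRb6YcJ1dHs5eGa"

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_SKILL_MD):
        print(finding)
    print(redact(SAMPLE_CHAT))
    print(reject_pasted_key(SAMPLE_CHAT))
```

Run over the constructed lines, the scanner reports line 3 as a likely secret and line 4 as a placeholder; a static rule that cannot tell those apart is exactly what turns a documentation example into a Critical finding, so triage the flagged line before revoking anything. In an agent, reject_pasted_key is the check to run on every user message before any tool sees it, and redact is the form the message should take in any retained transcript.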