龙港求职技能 (Longgang Job-Search Skill)

Security checks across malware telemetry and agentic risk

Overview

The skill's behavior matches its stated job-search purpose, but it automatically emails the scraped results using SMTP credentials for a QQ mailbox that are embedded in the source, and it falls back to a hardcoded default recipient when none is given, so review it before installing.

Install only after reviewing the email behavior. Prefer a revised version that removes the embedded QQ SMTP password, requires the user to supply and confirm both the recipient and the mail-sending method, and shows the exact job and contact data in a preview before anything is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The invocation phrases are very broad, especially generic requests such as '帮我找工作' ("help me find a job") and variants with loosely structured parameters. This raises the chance of accidental activation during ordinary conversation, which would start web scraping and outbound email without the user clearly intending to invoke the skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill performs an external side effect by automatically emailing scraped results, but its description does not prominently warn that invoking it may send data to an email recipient, including a default address. This can lead to unintended disclosure of scraped content or user-directed output to an unexpected mailbox, especially when the default recipient is not owned by the current user.

Data Exfiltration and Embedded Credentials

Severity: Medium
Confidence: 99%
Finding
The script automatically emails scraped data to a recipient and, if the user does not provide one, defaults to a hardcoded third-party QQ mailbox. It also embeds live SMTP credentials in the source code. Together these create both an unauthorized data transmission path and a credential exposure risk; in this skill's context the behavior is significantly more dangerous because scraped contact information leaves the device without meaningful user confirmation.
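The send path the overview recommends (no embedded SMTP password, an explicit recipient the user confirms, and a preview of the exact data before sending) looks like this in practice. This is an added example written for this page, not the skill's own script; the environment variable names, the `SendRequest` type and the sample job records are assumptions, and the sample contacts are constructed.

```python
"""Hardened send path for a job-search skill: credentials from the environment only,
an explicit recipient, and a preview the user must confirm before anything leaves
the machine. Added illustration; not the skill's own code."""
import os
import re
import smtplib
from dataclasses import dataclass
from email.message import EmailMessage
from typing import Callable, Mapping, Optional

# Anti-pattern described in the findings (literal values deliberately not reproduced):
#   SMTP_PASSWORD = "<password in source>"
#   DEFAULT_TO = "<hardcoded third-party mailbox>"
#   send(results, to or DEFAULT_TO)   # fires with no confirmation
# Everything below replaces that with explicit, confirmable steps.

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample of scraped results; not real listings or contacts.
SAMPLE_JOBS = [
    {"title": "Warehouse clerk", "company": "Example Logistics", "contact": "hr@example.com"},
    {"title": "Front desk", "company": "Example Hotel", "contact": "138-0000-0000"},
]


class SendRefused(Exception):
    """Raised whenever a precondition for sending is not met."""


@dataclass
class SendRequest:
    recipient: str
    preview: str          # exact body the user sees before confirming
    confirmed: bool = False


def load_smtp_credentials(env: Mapping[str, str] = os.environ):
    """Read credentials from the environment; nothing is embedded in source.
    The variable names are an assumption made for this example."""
    host = env.get("JOBSKILL_SMTP_HOST")
    user = env.get("JOBSKILL_SMTP_USER")
    password = env.get("JOBSKILL_SMTP_PASSWORD")
    if not (host and user and password):
        raise SendRefused("SMTP credentials not configured; refusing to send")
    return host, user, password


def build_preview(jobs) -> str:
    """Render every field that would be transmitted, including contact data."""
    lines = [f"{len(jobs)} result(s) will be sent:"]
    for j in jobs:
        lines.append(f"- {j['title']} @ {j['company']} (contact: {j['contact']})")
    return "\n".join(lines)


def prepare_send(jobs, recipient: Optional[str]) -> SendRequest:
    """No default recipient: the caller must supply a syntactically valid address."""
    if not recipient or not EMAIL_RE.match(recipient):
        raise SendRefused("an explicit, valid recipient address is required")
    return SendRequest(recipient=recipient, preview=build_preview(jobs))


def confirm(req: SendRequest, typed: str) -> bool:
    """The user confirms by typing the recipient back, not with a bare 'yes'."""
    req.confirmed = typed.strip().lower() == req.recipient.lower()
    return req.confirmed


def send(req: SendRequest, env: Mapping[str, str] = os.environ,
         transport: Optional[Callable[[EmailMessage], None]] = None) -> bool:
    """Send only a confirmed request; `transport` lets tests capture the message."""
    if not req.confirmed:
        raise SendRefused("recipient not confirmed; nothing sent")
    host, user, password = load_smtp_credentials(env)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = user, req.recipient, "Job search results"
    msg.set_content(req.preview)
    if transport is None:
        def transport(m: EmailMessage) -> None:  # real path: SMTP over TLS on 465
            with smtplib.SMTP_SSL(host, 465) as s:
                s.login(user, password)
                s.send_message(m)
    transport(msg)
    return True


if __name__ == "__main__":
    req = prepare_send(SAMPLE_JOBS, "me@example.com")
    print(req.preview)
    confirm(req, input("Type the recipient address to confirm sending: "))
    send(req)
```

The order of the checks is the point: the recipient is validated before any preview is built, the preview contains every contact field that would be transmitted, confirmation requires the user to retype the address, and credentials are only looked up (from the environment, never from source) after confirmation, so a missing configuration fails closed without sending anything.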

VirusTotal

65/65 vendors flagged this skill as clean. A clean antivirus verdict does not cover the behavioral findings above: the automatic emailing and the embedded credentials are intended program behavior, not malware signatures, so the static scan is not evidence that the skill is safe to install unmodified.
