Xihu Hiring

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for a hiring report, but it pulls and persists sensitive applicant data without enough privacy, retention, or overwrite safeguards.

Install only if this will be run by authorized recruiting or HR personnel in a secure workspace with the correct Feishu bot permissions. Treat the generated Excel and /tmp payload as sensitive applicant data, avoid shared terminals or CI logs, delete temporary files after use, and confirm before overwriting an existing report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly states that it will overwrite a fixed filename in the current working directory, which can destroy or replace an existing file without user awareness. In a shared or automation-driven workspace, this can cause data loss, accidental replacement of manually edited reports, or corruption of unrelated files if the working directory is not what the user expects.

Missing User Warnings

Medium
Confidence: 91%
Finding
The instructions tell the operator to generate an Excel workbook containing candidate PII such as names, phone numbers, email addresses, schools, prior jobs, and CV links, and the script also prints override details including candidate names and serial numbers to stdout. Omitting any warning about sensitive data handling increases the chance that users store the file in an insecure workspace, share logs, or expose terminal output in CI/session transcripts.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document handles highly sensitive applicant PII and employment data, including phone numbers, email, school, prior jobs, approval history, and interview progress, but does not include any privacy, authorization, minimization, or retention warning. In a hiring workflow, this omission increases the chance that operators export or share candidate data without adequate safeguards, leading to privacy violations or unauthorized processing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions direct writing assembled applicant data to /tmp/hiring_payload.json, which creates a local persisted copy of sensitive hiring data without any warning about exposure, file permissions, cleanup, or retention. Even temporary directories can be readable by other local processes, included in diagnostics, or left behind after failures, making accidental disclosure of applicant PII more likely.

VirusTotal

55/55 vendors flagged this skill as clean.
