Job Auto Apply

Security checks across malware telemetry and agentic risk

Overview

This job-application automation skill mostly fits its purpose, but it includes anti-bot bypass guidance and unclear safeguards for sensitive applicant data, so it should be reviewed before use.

Install only if you are comfortable with an agent handling resumes, employment history, credentials, and job-platform submissions. Before using it, require manual approval before every external submission, avoid captcha-solving or proxy-evasion workflows, store credentials in a secure vault or environment variables, and confirm where any local profile, log, or results files are saved and how to delete them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill advertises and demonstrates local file-writing behavior (for profiles, configuration, and saved results) but does not declare permissions. Undeclared write capability weakens the host's trust model because users and the orchestrator may not realize the skill can persist personal application data or modify files on disk.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The description promises autonomous multi-platform job search, form filling, submissions, and ongoing tracking, while the analyzed behavior reportedly only simulates much of that functionality and writes local results. This mismatch is dangerous because users may authorize disclosure of resumes, employment history, or credentials under false assumptions about what the skill really does, and defenders cannot accurately assess the real data flows or side effects.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The document explicitly recommends captcha-solving services and, elsewhere in the same section set, proxy-based evasion techniques to overcome anti-abuse controls on third-party job platforms. Those capabilities materially expand the skill from ordinary job application automation into bypassing platform defenses, which can enable unauthorized scraping, account abuse, and policy evasion using the user's credentials and personal data.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: Advising the use of residential proxies to handle captcha blocks is a clear anti-detection/evasion pattern. In the context of an auto-apply skill, this makes the system more dangerous because it facilitates scaling automated submissions while concealing origin and bypassing platform protections, increasing the risk of abuse, account lockouts, ToS violations, and misuse of applicant identities.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases are broad enough to activate on ordinary requests for job-search help or application advice, potentially invoking automation in situations where the user only wanted guidance. In this context, accidental activation is more dangerous because the skill handles highly sensitive career data and may generate or submit content on the user's behalf.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill description does not clearly warn that it may handle and transmit sensitive personal and employment data to third-party platforms, nor that AI may autofill screening responses. In a job-application context, this creates elevated risk of unintended disclosure, inaccurate submissions, and reputational or legal harm if answers are generated without informed consent.

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The script writes application results to a local JSON file without any notice, consent flow, or controls around what data may be stored. In the context of an auto-apply skill that handles sensitive employment data, this can unintentionally persist personal and job-search metadata on disk where other local users, backup systems, or malware could access it.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The file provides concrete scraping and form-automation instructions for interacting with job platforms and submitting application data, but does not present an upfront warning about privacy, credential handling, platform terms, or the risks of automated submissions before those instructions. Because this skill handles sensitive personal and employment information and can act on external sites, the lack of early safety framing increases the chance of unsafe deployment and unintended disclosure or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal