Job Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local job-description analysis helper with an adjacent BOSS job-search scan feature, but it does not show hidden persistence, credential use, account mutation, or destructive behavior.

Install only if you intend to use a local backend on port 8010 and trust it with JD text and search keywords. Confirm any BOSS scan before it runs, and avoid pasting confidential hiring material, private recruiter notes, or personal annotations unless you are comfortable with that backend processing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill manifest and description present the capability as JD analysis, but the workflow also performs BOSS job-search/scan actions. This hidden scope expansion can cause users and operators to authorize or trigger broader behavior than expected, increasing the risk of unintended external interactions and data handling.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Job-platform scanning is outside the narrowly stated purpose of analyzing JD text, so the skill bundles an unrelated external-action capability under a benign-looking label. That mismatch makes misuse and over-privileged activation more likely, especially if users invoke the skill expecting only local text parsing.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger phrases are broad enough to overlap with ordinary user requests, including generic requests to analyze job descriptions or search internships. Broad matching can activate the skill unexpectedly and send user content to backend services without the user realizing a specialized tool is being invoked.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow transmits user-provided JD text to a backend API but does not clearly warn users that their potentially sensitive employment-related content will be sent off-process. This creates a privacy and consent problem, particularly if JDs contain confidential recruiter notes, internal role descriptions, or personal annotations.

VirusTotal

66/66 vendors flagged this skill as clean.
