ClawHub

Resume Master

Security checks across malware telemetry and agentic risk

Overview

This resume-building skill is coherent and not malicious, but some bundled HTML templates can fetch remote fonts or images when rendered.

Install only if you are comfortable using a resume tool that edits local HTML/PDF files and may process sensitive personal resume details. For privacy-sensitive use, remove or replace remote template links and images before rendering, and render only HTML you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The template loads a profile photo from a third-party OSS URL, which causes network access whenever the HTML is rendered or converted to PDF. In a resume-generation skill, this can leak usage metadata such as IP address, timing, and possibly document-generation context to an external service, and it also creates a supply-chain risk if the remote image is changed or removed.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The template loads third-party resources from cdnjs and Google Fonts at render time, which creates implicit network egress, leaks user IP/User-Agent and usage metadata, and makes PDF generation dependent on external availability and content integrity. In the context of a resume-writing skill that should directly produce editable HTML/PDF artifacts, this is more dangerous because resumes may contain sensitive personal data and may be rendered in controlled or offline environments where external fetches are unexpected.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
Embedding a remotely hosted photo causes every render/open of the resume to fetch content from an external object store, exposing access metadata and allowing the image to change or disappear after delivery. Given this skill handles resumes and printable PDFs, the risk is heightened because personally identifiable information may be associated with external requests and the final document is not self-contained or reproducible.

Description-Behavior Mismatch

Low
Confidence
94% confidence
Finding
The template depends on external network resources (Google Fonts and a remote OSS-hosted image) even though the skill’s stated purpose is local HTML resume generation and printable PDF delivery. This creates unnecessary data egress, privacy leakage, and supply-chain availability risk because rendering the resume may contact third parties and fail or change if those resources are unavailable or modified.

Context-Inappropriate Capability

Low
Confidence
96% confidence
Finding
Loading third-party fonts and a remote avatar is not necessary for the core function of editing and exporting a resume, so it expands the attack surface without functional need. When opened or rendered to PDF, the document may disclose user IP, timing, and environment metadata to external services, and remote assets can be changed, blocked, or used for tracking.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The template loads a remote Google Fonts stylesheet, which creates an outbound network dependency in what is described as a directly editable local HTML resume template. When opened or rendered to PDF, this can leak user IP, user-agent, timing, and document access metadata to a third party, and can also reduce reliability if the resource is blocked or changed.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The template embeds a remote profile image hosted on an OSS domain, so opening or exporting the resume causes a request to a third-party server. This can leak access metadata and gives the remote host control over returned content availability; in some renderers, remote image fetching may also create SSRF-like exposure if used in sensitive internal environments.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The combined use of remote font and image resources introduces unnecessary network capability into a resume template that should be self-contained. In the skill context, this is more dangerous because resume generation often handles personal information, and rendering the file may silently disclose that a specific user's resume was opened, from where, and when.

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The template loads a profile photo from an external URL, which causes network access during resume rendering and leaks user metadata such as IP address, user agent, and access timing to a third party. In a resume-generation skill whose core purpose is local HTML/PDF creation, this remote dependency is unnecessary and creates privacy, reliability, and supply-chain risk if the image is changed or the host becomes unavailable.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest enables implicit invocation with `allow_implicit_invocation: true` but does not define narrow trigger conditions or clear user-consent boundaries. This can cause the skill to be auto-selected in broader contexts than intended, which is risky here because the skill can modify resume source files and export final documents, potentially leading to unintended file edits or document generation.

Missing User Warnings

Low
Confidence
89% confidence
Finding
Because the remote image is fetched silently, users are not informed that opening or rendering the resume may contact an external host. In this skill context, resumes may contain sensitive personal information, so undisclosed external fetches weaken privacy expectations even if the image request itself does not directly transmit the full document.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal