猎聘求职助手

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Liepin job-search helper, but it needs review because it handles a long-lived account token and can change resumes or submit applications.

Install only if you trust this skill with your Liepin account and resume data. Prefer LIEPIN_TOKEN over config.json, avoid pasting tokens into shared chats, preview every resume change and job application before approving it, and revoke or clear the token when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill documentation explicitly instructs use of the `LIEPIN_TOKEN` environment variable and a fallback `config.json`, which confirms access to sensitive credentials despite no declared permissions. Undeclared credential access weakens reviewability and consent boundaries, making it easier for a skill to handle secrets without transparent permission signaling.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger phrases include broad everyday expressions such as '找工作' ("find a job"), '搜职位' ("search jobs"), and '投简历' ("submit a resume"), which can cause the skill to activate unintentionally in ordinary conversation. Because this skill can view resumes and submit job applications, accidental activation could expose sensitive profile data or initiate consequential actions in the wrong context.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The documentation explicitly tells users to send their authentication token in chat, which encourages disclosure of a bearer credential through a conversational channel that may be logged, retained, or exposed to unintended parties. Because this token authorizes access to job search, resume, and application actions, leakage could allow unauthorized access to sensitive account data and actions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The API reference documents tools that can modify resume data and submit job applications, but it does not clearly warn that these are state-changing external actions. In an agent setting, this increases the risk of users or downstream components invoking destructive or irreversible operations without informed consent, potentially causing unwanted profile changes or unintended applications.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script writes a bearer token directly into config.json on disk when passed as a command-line argument, and only afterward prints a tip that using the environment variable is safer. Persisting credentials in plaintext increases exposure through local file disclosure, backups, sync tools, permissive file permissions, or accidental inclusion in logs and support bundles. In this skill context, the token grants access to job-search and resume-management actions, so compromise could expose personal data or enable unauthorized account operations.

VirusTotal

65/65 vendors flagged this skill as clean.