ClawHub

Resume Screener Pro

Security checks across malware telemetry and agentic risk

Overview

This is a text-only recruiting assistant whose sensitive hiring use is expected from its purpose, but users should handle candidate data and AI recommendations carefully.

Install only if you intend to use it for recruiting support. Do not paste candidate resumes or interview notes unless you are authorized to process them, minimize unnecessary personal data, avoid relying on protected characteristics, and require human review before any hiring decision.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The invocation examples are very broad, generic user phrases such as asking to screen resumes or design interview questions, which can cause the skill to activate unintentionally in normal conversation. Because this skill processes hiring decisions and candidate materials, accidental activation can expose sensitive personal data to the wrong workflow and produce consequential employment-related outputs without explicit user intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is designed to process resumes, interview evaluations, and final candidate recommendations, all of which involve sensitive personal data and high-impact employment decisions, yet it provides no privacy, consent, retention, or fairness warning. In this context, omission of safeguards is dangerous because users may submit PII and rely on automated hiring-impacting outputs without understanding legal, ethical, or compliance risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal