Free JobBoard API

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only job-board API skill whose token use and Humaboam endpoints are disclosed and aligned with its purpose.

Install only if you intend to let an agent use Humaboam on your behalf. Treat the Agent token like a password, avoid pasting it into shared logs or transcripts, revoke or rotate it if exposed, and require explicit confirmation before the agent submits a job or reports a listing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs a human to copy an agent bearer token from a dashboard and hand it to the agent for use on every request, but it provides no warning about the sensitivity, scope, storage, revocation, or risks of exposing that credential. In an agent-skill context, this is dangerous because bearer tokens grant direct API access and can be leaked via prompts, logs, transcripts, screenshots, shell history, or downstream tools, enabling unauthorized access or actions as the user.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal