简历评估器

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward resume-review helper that reads resumes from a user-chosen folder and outputs candidate ratings, with no code, network access, or persistence shown.

Use a dedicated folder containing only the resumes you intend to evaluate, and confirm you have permission to process and share candidate personal information before using the generated table.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to scan and read all resumes in a user-specified directory, which can expose highly sensitive personal data such as names, ages, education history, employers, and other PII without any built-in minimization, consent check, or warning. In skill context, this is more dangerous because the task is bulk processing of resumes, so over-collection and unintended access to unrelated files becomes more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal