Oathe Security Badge

Is AGIstack/recruiting-pro safe?

https://clawhub.ai/AGIstack/recruiting-pro

78
CAUTION

The recruiting-pro skill appears to be a legitimate recruiting workflow management tool with appropriate safety boundaries and functionality. However, it accessed multiple sensitive credential files during installation, which is concerning behavior that could indicate environmental scanning capabilities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 50/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

HIGH Sensitive Credential File Access -30

The skill installation process accessed multiple sensitive credential files including .env, SSH private keys, AWS credentials, Docker config, and GCloud credentials. While no exfiltration was detected, this behavior indicates environmental scanning that could be used maliciously.

MEDIUM External API Network Connections -15

During installation, the skill made network connections to external APIs including clawhub.ai and other endpoints. While this appears related to the installation process, it represents unexpected network activity.

LOW Executable Python Scripts -10

The skill contains executable Python scripts for managing recruiting data. While the scripts appear benign and focused on legitimate recruiting workflow functionality, they represent potential code execution vectors.