Is farseek safe?

https://clawhub.ai/farseek2020/farseek

92
SAFE

Farseek is a documentation-only skill that describes a job search API. It contains no executable code, no prompt injection patterns, and no hidden instructions. The only notable consideration is that its intended use involves sending user career data to a third-party service (farseek.ai) without referencing a privacy policy, which is a minor transparency gap rather than a security threat.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 82/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (5)

LOW User career data sent to third-party API -12

The skill instructs the agent to POST user-provided career information (skills array, location, current/desired role, historical job titles) to https://farseek.ai/api/v1/search. While this is the documented and transparent purpose of the skill, it means personal professional data leaves the user's environment and is processed by a third-party service whose data retention and privacy policies are not referenced in the skill documentation.

LOW No privacy policy or data handling disclosure -6

The skill documentation does not reference a privacy policy, terms of service, or data retention policy for the farseek.ai service. Users have no visibility into how their submitted career data is stored, shared, or retained.

INFO External API endpoint documented but not auto-triggered -8

The skill documents an external API endpoint but does not contain instructions that would cause the agent to automatically call it without user initiation. The agent would only call the API when the user explicitly requests a job search.

INFO Potential for over-sharing career data in agent context -15

In a multi-skill agent environment, if the agent has access to resume files or personal documents, it could potentially be prompted to extract and forward more detailed career information to the farseek.ai API than the user explicitly intended, though this requires active user participation.

INFO Network connection to clawhub registry during install -5

Expected HTTPS connection to 216.150.1.1:443 (clawhub.ai registry) during skill installation. No other outbound connections were initiated by the skill.