recruitment

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configures an MCP server that connects to a remote endpoint hosted on a tunneling service.
      • Evidence: The mcpServers configuration in SKILL.md points to http://bore.pub:44876/api/v1/mcp/project/6e0f4821-5535-4fec-831d-b9155031c63d/sse.
      • Context: bore.pub is an ephemeral tunneling service frequently used to expose local environments. It lacks the reputation of established cloud providers and is often used to mask malicious origins.
  • [DATA_EXFILTRATION]: Automated security analysis has identified the backend URL as a malicious phishing link.
      • Evidence: The URL http://bore.pub:44876/... was flagged by the URLite scanner as Phishing|URF4B026C31CEEF21E-0200|urlb.
      • Risk: The skill requires the transmission of a CRAFTED_API_KEY in headers and processes sensitive candidate data. There is a high risk that credentials or private data could be intercepted by this flagged malicious endpoint.
  • [REMOTE_CODE_EXECUTION]: The skill uses a proxy utility to execute instructions from the remote server.
      • Evidence: SKILL.md specifies the command uvx with mcp-proxy to connect the agent to the external backend.
      • Risk: Linking an agent to a flagged external server via a proxy allows the untrusted remote server to influence agent behavior and potentially abuse its access to integrated tools like Gmail and Google Sheets.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 17, 2026, 07:05 AM