51mee Resume Diagnose
v1.2.1简历诊断。触发场景:用户要求诊断简历质量;用户想优化简历; 用户问我的简历有什么问题。
⭐ 0· 207·0 current·0 all-time
by51mee@51mee-com
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (resume diagnosis) match the SKILL.md: it reads uploaded resumes, extracts text, calls a large model, and returns a structured JSON report. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to reading the uploaded resume, extracting text, and returning a typed JSON report. The prompt includes a safeguard line to ignore injection attempts. Remaining concerns: (1) the skill will process potentially sensitive PII from resumes (names, contact, employment history) but gives no handling/retention guidance; (2) resumes may contain payloads that try to manipulate prompts (they attempted mitigation in the prompt, but runtime behavior depends on the host model and agent safeguards).
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk because nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements are minimal and proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by platform default but the skill does not elevate privilege beyond normal.
Assessment
This skill appears to do what it says: analyze uploaded resumes and return a structured report. Before installing or using it, consider: (1) resumes contain sensitive personal data — only upload resumes you are comfortable sharing with the hosting agent/LLM and check retention/privacy policies; (2) if you need confidentiality, redact personal identifiers (name, phone, email, ID numbers) before upload; (3) resume files (PDF/IMG) will require OCR, which may expose additional data — verify how the host handles extracted text; (4) although the prompt includes an instruction to ignore prompt-injection inside resumes, models are not perfect — avoid embedding operational secrets in resumes and treat outputs as advisory rather than authoritative.Like a lobster shell, security has layers — review code before you run it.
latestvk977x5hx3jj9ypv46bmb0qyhdx830g29
License
MIT-0
Free to use, modify, and redistribute. No attribution required.