resume-job-match-lab
Pass
Audited by ClawScan on May 1, 2026.
Overview
This looks like a benign local resume/job-description helper, with only minor cautions about choosing file paths and verifying package version metadata.
Before installing, note the version mismatch and unknown source metadata. If you use the helper script, run it only on the resume and job-description files you intend to process, choose a clear output path, and review any rewritten bullets to ensure they do not add claims you cannot support.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the wrong paths, the script could process unintended local files or overwrite an existing `resume_match.json` in the working directory.
The helper script takes user-supplied input file paths and an output path, then reads those files and writes a JSON result. This is expected for the skill, but path selection matters.
ap.add_argument("resume_txt"); ap.add_argument("job_txt"); ap.add_argument("--out", default="resume_match.json")
Use explicit resume/job-description input files and an explicit `--out` path, then review the generated output before sharing it.
It may be harder to confirm the exact release identity or upstream origin of the skill.
The registry metadata lacks an upstream source/homepage and lists version 1.0.0, while SKILL.md declares version 1.1.0. This is a packaging/provenance inconsistency, not evidence of hidden behavior.
Source: unknown; Homepage: none; Version: 1.0.0
The publisher should align registry, SKILL.md, and changelog versions; users should verify they are installing the intended package.
