Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Recruiting

v2.3.0

Hiring workflow management with structured processes and candidate tracking. Use when user mentions hiring, job descriptions, resume screening, interviews, c...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (recruiting workflow) matches the included scripts' functionality (create job, add candidate, update pipeline). However the SKILL.md advertises many more capabilities (resume screening, interview prep, email drafting, reminders, reports) and many referenced scripts/files for those capabilities are missing from the package, so required functionality is incomplete.
Instruction Scope
SKILL.md explicitly states all data is stored locally and no external integrations are used; the included scripts adhere to this (file I/O only). But the instructions repeatedly reference scripts (screen_candidate.py, prep_interview.py, draft_email.py, view_pipeline.py, set_reminder.py, generate_report.py) and reference docs (interview-prep.md, communications.md, fair-hiring.md) that are not present — this mismatch gives the agent ambiguous runtime instructions and could lead to errors or unexpected behavior.
Install Mechanism
No install spec and no external downloads; the skill is instruction + a few local Python scripts. That minimizes install-time risk (no external code fetched).
Credentials
The skill requests no environment variables, no credentials, and the scripts operate on local files under a recruiting directory. There are no requests for unrelated secrets or system-wide credentials.
Persistence & Privilege
Skill does not request always:true and does not modify other skills. It writes to a directory in the user's home (~/.openclaw/workspace/memory/recruiting), which is consistent with declared local storage and not an elevated/system-wide location.
What to consider before installing
This package appears to implement basic local recruiting utilities (create job, add candidate, update pipeline) and does not contact external services or request secrets — that's good. However:

1) SKILL.md promises many more scripts and reference docs that are missing; verify whether the maintainer intentionally omitted those or if you received an incomplete package.
2) Confirm the exact data path: SKILL.md says memory/recruiting/ while scripts write to ~/.openclaw/workspace/memory/recruiting; make sure you’re OK with that location and that no other unexpected files will be written.
3) Before using for real candidate data, inspect or run the scripts in an isolated environment, and consider not storing sensitive PII (SSN, DOB) as the skill explicitly warns against it.
4) If you need the advertised features (screening, interview prep, email drafts, reminders, reports), ask the publisher for the missing scripts and reference docs or get source for those components and review them before granting the skill autonomy.

If you’re unsure who the publisher is, prefer to run these scripts manually rather than enabling autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

