Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Recruiting
v2.1.0Hiring workflow management with structured processes and candidate tracking. Use when user mentions hiring, job descriptions, resume screening, interviews, c...
⭐ 0· 244·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description describe a full hiring workflow (screening, interview prep, drafting communications, reminders, reports). The repo contains only three operational scripts (create_job.py, add_candidate.py, update_pipeline.py) that cover basic job/candidate/pipeline updates. Several claimed scripts and reference docs (e.g., screen_candidate.py, prep_interview.py, draft_email.py, view_pipeline.py, set_reminder.py, generate_report.py, references/communications.md, references/interview-prep.md, references/fair-hiring.md) are referenced in SKILL.md but are not present. This is disproportionately incomplete relative to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run many scripts that are not in the file manifest; that will lead to runtime failures or confused behavior if the agent follows the instructions. SKILL.md promises data is stored in memory/recruiting/, while scripts actually write to ~/.openclaw/workspace/memory/recruiting — a path mismatch. The instructions otherwise limit data storage to local files and explicitly forbid external sharing, and the included scripts do only local file I/O (no networking).
Install Mechanism
No install spec or external downloads; scripts are provided in the package and run locally. There are no network fetches or package installs declared. This is a lower-risk install profile.
Credentials
The skill requests no environment variables or credentials, and the scripts do not read secrets or external configs. Data is written under the user's home (~/.openclaw/workspace/memory/recruiting). That local storage choice is reasonable for a recruiting helper, though it should be documented that PII must be handled carefully.
Persistence & Privilege
always:false and normal invocation properties. The skill does not request persistent platform privileges or modify other skills. Its files write only to a per-user directory and do not change system-wide settings.
What to consider before installing
This package claims a full recruiting toolkit but only ships three small scripts; many commands and reference docs mentioned in SKILL.md are missing. Before installing or using it: 1) Do not assume missing features exist — ask the publisher for the missing scripts (screen_candidate.py, prep_interview.py, draft_email.py, view_pipeline.py, set_reminder.py, generate_report.py) and referenced docs. 2) Verify the exact data storage path (scripts use ~/.openclaw/workspace/memory/recruiting) and ensure you are comfortable storing candidate PII there; sanitize/remove sensitive fields (SSN, DOB) as recommended. 3) Test in a sandbox workspace to observe runtime behavior and confirm there are no network calls. 4) If you need the full described functionality, request a complete release or a clear changelog; the current mismatch could cause the agent to attempt non-existent actions or fail unexpectedly.Like a lobster shell, security has layers — review code before you run it.
latestvk973y9s0xxxwvxy2djnr07514582jk3j
License
MIT-0
Free to use, modify, and redistribute. No attribution required.