Recruiting
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a local recruiting assistant, but it stores candidate records and provides screening recommendations that need human review.
This skill looks safe to use for local recruiting workflows if you are comfortable storing candidate data in the OpenClaw workspace. Keep sensitive personal data out of it, treat screening recommendations as advisory only, and review any missing scripts before adding or running them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Candidate personal information and hiring status can remain on disk and may be available to later workflows that read the local recruiting files.
The script persists candidate names, emails, job IDs, and status information in local recruiting memory files.
RECRUITING_DIR = os.path.expanduser("~/.openclaw/workspace/memory/recruiting") ... "name": args.name, "email": args.email
Store only necessary candidate information, avoid highly sensitive data such as SSNs or dates of birth, protect the workspace, and delete records when no longer needed.
Users could over-rely on generated screening scores or recommendations in a high-stakes hiring context.
The reference material includes candidate scoring and interview/reject recommendations in an employment process, even though the skill also says humans must make final decisions.
- **Interview** (3.5-4.5): Good fit, standard process
- **Reject** (<3.0): Does not meet requirements
Treat all screening output as a structured draft, check it against fair-hiring policies and applicable law, and require human review for every candidate decision.
Some documented workflows may not work as-is, and adding missing helper scripts from another source could introduce new behavior not reviewed here.
SKILL.md documents several helper scripts that are not included among the supplied files, so those workflows would require additional unreviewed code if sourced elsewhere.
`screen_candidate.py` | Evaluate resume against criteria ... `draft_email.py` | Generate communications ... `generate_report.py` | Create hiring metrics report
Use only the included reviewed scripts or separately review any missing helper scripts before running them.
