Recruiting

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent local recruiting helper, but it stores candidate information persistently and produces hiring recommendations that should remain under human review.

This skill appears locally scoped and consistent with its recruiting purpose. Before installing, be comfortable with local storage of candidate information, keep human control over all hiring decisions, and use only the reviewed scripts included with the skill.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Severity: Medium
What this means

The skill may influence who gets interviewed or rejected, which can affect real candidates.

Why it was flagged

The skill produces scores and interview/reject recommendations in a hiring context. This is aligned with the stated recruiting purpose, but these outputs could be over-trusted if treated as final decisions.

Skill content
Recommendation Categories ... Strong Interview ... Interview ... Maybe ... Reject (<3.0): Does not meet requirements
Recommendation

Use the outputs only as structured decision support. Require human review, apply documented job-related criteria, avoid protected-class or sensitive personal data, and follow employment-law/compliance requirements.

ASI06: Memory and Context Poisoning
Severity: Medium
What this means

Candidate information may remain in the local workspace and be available to future sessions or anyone with access to those files.

Why it was flagged

The skill explicitly stores candidate-related information in persistent local files. This is disclosed and purpose-aligned, but the stored data can include names, emails, notes, ratings, and communications.

Skill content
memory/recruiting/candidates.json - Candidate profiles and status ... interviews.json - Interview guides and notes ... communications.json - Email templates and drafts
Recommendation

Store only necessary candidate information, avoid SSNs/DOBs and other highly sensitive data, secure the workspace, and delete recruiting files when no longer needed.

ASI02: Tool Misuse and Exploitation
Severity: Medium
What this means

Mistaken or premature updates could make local recruiting records show an incorrect candidate outcome.

Why it was flagged

The included script can modify local candidate pipeline status, including high-impact labels like hired or rejected. It is scoped to local JSON files and requires explicit command arguments.

Skill content
choices=['screening', 'phone_screen', 'technical', 'onsite', 'reference_check', 'offer', 'hired', 'rejected']
Recommendation

Confirm candidate IDs and stages before running updates, review generated changes, and keep backups or version history for recruiting records.
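The two recommendations above (for ASI06, keep highly sensitive data out of the store and lock the workspace down; for ASI02, verify the candidate ID and stage and keep a backup before any status change) can be enforced in one small write path. The following is an added example written for this review, not code from the skill or from ClawScan. It assumes, hypothetically, that `memory/recruiting/candidates.json` is a JSON object keyed by candidate ID with a `stage` field per record; the forbidden-field list, the SSN pattern, the `history` entries and the `confirm_high_impact` flag are assumptions of the example, not anything the skill defines. The stage list is the one quoted from the skill's script.

```python
"""Guarded writes to the local recruiting store.

Added example for the ASI06 and ASI02 findings, not the skill's own script. Assumes
(hypothetically) candidates.json is a JSON object keyed by candidate id, each record
carrying at least a "stage" field.
"""
import json
import os
import re
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Pipeline stages exactly as quoted from the skill's script in the review.
STAGES = ['screening', 'phone_screen', 'technical', 'onsite', 'reference_check',
          'offer', 'hired', 'rejected']
# Terminal outcomes that must not be applied without an explicit confirmation.
HIGH_IMPACT = {'hired', 'rejected'}
# Field names this (assumed) retention policy refuses to store at all.
FORBIDDEN_KEYS = {'ssn', 'social_security_number', 'dob', 'date_of_birth'}
# Loose match for a US SSN with separators: a pre-write gate, not a classifier.
SSN_RE = re.compile(r'\b\d{3}[- ]\d{2}[- ]\d{4}\b')


def find_sensitive(record: dict) -> list:
    """Reasons a record must not be written; an empty list means it is acceptable."""
    problems = []
    for key, value in record.items():
        if key.lower() in FORBIDDEN_KEYS or 'birth' in key.lower():
            problems.append(f'forbidden field {key!r}')
        if isinstance(value, str) and SSN_RE.search(value):
            problems.append(f'SSN-like value in {key!r}')
    return problems


def save_store(path: Path, candidates: dict) -> None:
    """Gate every record, then write atomically with owner-only permissions."""
    for cid, record in candidates.items():
        problems = find_sensitive(record)
        if problems:
            raise ValueError(f'refusing to store candidate {cid}: {problems}')
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix='.candidates-', suffix='.tmp')
    with os.fdopen(fd, 'w') as fh:
        json.dump(candidates, fh, indent=2, sort_keys=True)
    os.chmod(tmp, 0o600)   # mkstemp already creates 0600; keep it explicit
    os.replace(tmp, path)  # atomic swap: a crash never leaves a half-written store


def backup_store(path: Path) -> Path:
    """Keep a timestamped copy so a mistaken update can be reverted."""
    stamp = datetime.now(timezone.utc).strftime('%Y%m%dT%H%M%S%fZ')
    dest = path.with_name(f'{path.stem}.{stamp}.bak')
    shutil.copy2(path, dest)
    return dest


def update_stage(path: Path, candidate_id: str, new_stage: str,
                 confirm_high_impact: bool = False) -> dict:
    """Validate stage and id, back up, then record the transition with its old value."""
    if new_stage not in STAGES:
        raise ValueError(f'unknown stage {new_stage!r}; expected one of {STAGES}')
    if new_stage in HIGH_IMPACT and not confirm_high_impact:
        raise PermissionError(f'{new_stage!r} is terminal; pass confirm_high_impact=True')
    candidates = json.loads(path.read_text())
    if candidate_id not in candidates:
        raise KeyError(f'no candidate with id {candidate_id!r}')
    backup = backup_store(path)
    record = candidates[candidate_id]
    record.setdefault('history', []).append(
        {'from': record.get('stage'), 'to': new_stage,
         'at': datetime.now(timezone.utc).isoformat()})
    record['stage'] = new_stage
    save_store(path, candidates)
    return {'id': candidate_id, 'stage': new_stage, 'backup': backup.name}


def demo() -> dict:
    """Exercise the guards against a constructed store in a fresh temp dir."""
    workdir = Path(tempfile.mkdtemp())
    store = workdir / 'candidates.json'
    save_store(store, {'c-001': {'name': 'A. Example', 'email': 'a@example.invalid',
                                 'stage': 'screening'}})  # constructed sample record
    out = {'perms': oct(store.stat().st_mode & 0o777)}
    out['ok'] = update_stage(store, 'c-001', 'phone_screen')['stage']
    for cid, stage in (('c-001', 'rejected'), ('c-999', 'onsite')):
        try:
            update_stage(store, cid, stage)
        except (PermissionError, KeyError) as exc:
            out[f'blocked {cid} {stage}'] = type(exc).__name__
    try:
        save_store(store, {'c-002': {'ssn': '123-45-6789', 'stage': 'screening'}})
    except ValueError:
        out['sensitive_blocked'] = True
    out['stage_after'] = json.loads(store.read_text())['c-001']['stage']
    out['backups'] = len(list(workdir.glob('candidates.*.bak')))
    return out


if __name__ == '__main__':
    print(demo())
```

Run it directly to watch the guards fire against a constructed store in a temporary directory. The `.bak` copies it leaves beside the store are the version history the recommendation asks for; they hold the same candidate data as the store itself, so they need the same permissions and should be deleted with the rest of the recruiting files when no longer needed.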

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

Some documented workflows may fail or require code that was not part of this reviewed artifact set.

Why it was flagged

SKILL.md references multiple scripts and reference files that are not present in the supplied manifest. The included scripts are simple local helpers, but the advertised package surface is incomplete.

Skill content
`screen_candidate.py` ... `prep_interview.py` ... `draft_email.py` ... `generate_report.py`
Recommendation

Only run the included scripts unless missing helpers are supplied through a trusted, reviewed package. Do not fetch or execute ad hoc replacements.
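One concrete way to check the gap described above before installing: pull every script SKILL.md tells the agent to run and compare that list against the files actually shipped, so a missing helper is found by review rather than by a workflow failing at runtime. This is an added example, not ClawScan's scanner or the skill's code. The SKILL.md excerpt, the manifest and the helper name `scripts/update_status.py` are constructed for illustration; the review says only that an included script updates pipeline status, not what it is called.

```python
"""Does the package ship every script its SKILL.md tells the agent to run?

Added example for the ASI04 finding; not ClawScan's scanner or the skill's code.
The SKILL.md excerpt, the manifest and the helper name update_status.py are
constructed for illustration and are not taken from the real package.
"""
import re
from pathlib import PurePosixPath

SCRIPT_EXTS = {'.py', '.sh', '.js', '.ts'}
# A backtick-quoted path ending in a script extension, optionally followed by arguments.
SCRIPT_REF_RE = re.compile(r'`([\w./-]+\.(?:py|sh|js|ts))(?:\s[^`]*)?`')


def referenced_scripts(skill_md: str) -> set:
    """Base names of the scripts SKILL.md asks the agent to execute."""
    return {PurePosixPath(ref).name for ref in SCRIPT_REF_RE.findall(skill_md)}


def shipped_scripts(manifest: list) -> set:
    """Base names of the script files actually present in the reviewed artifact set."""
    return {PurePosixPath(p).name for p in manifest if PurePosixPath(p).suffix in SCRIPT_EXTS}


def missing_scripts(skill_md: str, manifest: list) -> list:
    """Advertised scripts the package does not contain, sorted for stable output."""
    return sorted(referenced_scripts(skill_md) - shipped_scripts(manifest))


# Constructed SKILL.md fragment; the four helper names are the ones the review quotes.
SAMPLE_SKILL_MD = """
## Workflows
1. Run `screen_candidate.py` against the resume to produce a score.
2. Run `prep_interview.py` to build an interview guide.
3. Use `draft_email.py` for outreach and `generate_report.py` for the weekly summary.
4. Move a candidate with `scripts/update_status.py --stage onsite`.
"""

# Constructed manifest for a hypothetical package that ships only the status helper.
SAMPLE_MANIFEST = ['SKILL.md', 'scripts/update_status.py', 'memory/recruiting/candidates.json']


if __name__ == '__main__':
    for name in missing_scripts(SAMPLE_SKILL_MD, SAMPLE_MANIFEST):
        print(f'advertised in SKILL.md but not shipped: {name}')
```

The comparison is by base name so that a helper documented as `x.py` but shipped under `scripts/x.py` is not reported as missing; anything left in the result is a workflow the agent has been told to run with nothing behind it, which is exactly the point at which an ad hoc replacement would otherwise get fetched.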