ANDG
v1.0.0Rewrite raw experience descriptions into stronger, clearer, and more job-relevant resume bullets.
⭐ 0· 208·1 current·1 all-time
byAndrew@andrewgufx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (rewrite resume bullets for job relevance) matches the SKILL.md instructions. No binaries, env vars, or config paths are requested, which is appropriate for this purpose. (Minor note: the registry name 'ANDG' vs the SKILL.md name 'bullet-rewriter' is a superficial naming mismatch but not a security problem.)
Instruction Scope
The instructions themselves are narrowly scoped to rewriting bullets and explicitly prohibit fabricating metrics, which is good. However, the final line of SKILL.md — "Respond with your evaluation as a single JSON object." — conflicts with the earlier explicit resume-output format and appears out of place. This internal inconsistency could cause unpredictable agent behavior (e.g., returning an evaluation object instead of the requested bullet sections).
Install Mechanism
There is no install spec and no code files; this is instruction-only, which is the lowest-risk installation profile.
Credentials
The skill requires no environment variables, credentials, or config paths — appropriate and proportionate for a text-rewriting assistant.
Persistence & Privilege
always is false and there is no request for persistent system-level presence. The skill allows autonomous invocation (default), which is normal; combined with the minimal requested privileges, this is not concerning.
Assessment
This skill appears to be what it says: a resume bullet rewriter with no extra permissions or installs. Consider these points before installing: (1) Source/owner is unknown and there's no homepage — that reduces trustworthiness; prefer skills from identifiable authors. (2) The SKILL.md contains a mismatched final instruction asking for a JSON evaluation object, which is likely a copy/paste error — expect occasional odd outputs and verify results. (3) The skill will process whatever text you paste, which may include personal data; avoid sending very sensitive PII (full SSNs, passports, etc.). (4) The skill explicitly tells the model not to fabricate metrics — still manually verify any numbers or claims before using them on a resume. If you need higher assurance, ask the owner for a homepage or source repo, or run a quick test with non-sensitive sample text to confirm behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97ebhkm0kk586gdh11h3hfzqx82egn9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
✍️ Clawdis