Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
One Page CV
v1.0.0Generate professionally tailored, one-page LaTeX/PDF resumes customized for specific job applications. Use this skill whenever the user mentions resume, CV,...
⭐ 0· 43·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description (tailor one-page LaTeX/PDF resumes) align with the instructions: the SKILL.md explains extracting user resume data, analyzing a JD, generating a .tex file and compiling via XeLaTeX. Required resources (XeLaTeX, fonts) are reasonable for LaTeX-based resume generation.
Instruction Scope
The instructions tell the agent to scan the working directory for *.pdf, *.md, *.json and to read those files as the source of truth — reading user files is reasonable for this task but expands scope to arbitrary local files with those extensions. The skill also explicitly instructs the agent to fabricate or 'make reasonable professional estimates' and require every bullet to include a numeric metric; that encourages generating potentially false or misleading claims about a candidate's impact. The skill also recommends optionally moving original files into a resumes/ folder (file modification) — acceptable with explicit user consent but should be confirmed each time.
Install Mechanism
There is no install spec and no code files, so nothing is written to disk by default. The SKILL.md includes commands to install XeLaTeX and fonts if missing; the external download references (Maple Mono via GitHub releases, miktex.org) are typical and traceable. The skill asks for user permission before installing, which reduces risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All required system interactions are local commands (which xelatex, fc-list, ls, curl) consistent with a LaTeX-based resume generator.
Persistence & Privilege
always is false, the skill is user-invocable and can be invoked autonomously (platform default). It does not request persistent presence or modify other skills or global agent settings. File operations are limited to the working directory and only when the user is asked for consent.
What to consider before installing
This skill is coherent with its stated purpose and doesn't ask for secrets, but exercise caution before using it: 1) The skill will scan for and read local resume files (PDF/MD/JSON) — only run it in directories where you want those files examined. 2) It may offer to move your original files into a resumes/ folder — accept only if you want the agent to modify your files and confirm each time. 3) The SKILL.md instructs the agent to create numeric metrics when the user's resume lacks them; this can lead to fabricated or exaggerated claims. Do not permit automated invention of metrics you can't substantiate — review and correct all generated bullet points and numbers before sending any resume to an employer. 4) If asked to install TeX or fonts, verify the install commands and the download sources (the skill references GitHub releases and official project pages) and grant permission explicitly. If you want lower risk, run the skill in a controlled directory and review the generated .tex/.pdf locally before using it.Like a lobster shell, security has layers — review code before you run it.
latestvk970g3hkhxad9axhdcpmgjnex183s42n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.