Back to skill
Skillv1.0.0
ClawScan security
简历优化助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 4:43 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions match its stated purpose (resume editing, HTML generation, PDF export, interview Q&A) and it requests no extra credentials or installs.
- Guidance
- This skill appears coherent and low-risk, but it will read and write files in your workspace and therefore will handle potentially sensitive personal data (resume contents, contact info, projects). Before installing or using it: (1) confirm where your agent's workspace is stored and who/what has access to that storage; (2) avoid supplying highly sensitive secrets (full ID numbers, passwords, private keys) in your resume content; (3) review generated HTML/PDF and interview Q&A for correctness and unwanted disclosures before sharing externally; (4) test the skill with a redacted or dummy resume first to confirm behavior; (5) note that PDF export is manual via your browser — the skill does not declare external network calls or installs, but the platform agent may have network capabilities beyond the skill instructions, so consider your agent's broader permissions if you need stricter privacy.
Review Dimensions
- Purpose & Capability
- okName/description align with the SKILL.md. All declared requirements are minimal (none), and the actions described (read/modify/save resumes in workspace, generate HTML, assist with interview Q&A) are appropriate for a resume helper.
- Instruction Scope
- noteInstructions stay within the resume-editing domain (collect resume text, produce HTML, save outputs to workspace, guide user to export PDF). Note: the skill explicitly reads and writes files in the user's workspace (resume and Q&A documents), so it will handle personal data — review outputs and storage location.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest install risk.
- Credentials
- okNo environment variables, credentials, or external config paths are requested — proportional to the stated functionality.
- Persistence & Privilege
- okalways:false and user-invocable. The only persistent behavior described is saving generated files to the user's workspace, which is consistent with purpose and not an elevated platform privilege.