Skill v1.0.0

ClawScan security

Job · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 8, 2026, 5:49 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and requirements align with a job-search advisory tool; it asks for user-provided resume/job info (expected) and does not request system credentials or install anything.
Guidance
This skill is instruction-only and coherent with a job-search advisor. Before using it, be mindful that it will ask for personal career materials (resume, job descriptions, interview notes, references). Remove or redact highly sensitive PII (SSNs, passport numbers, bank details) before sharing, and avoid uploading confidential employer documents unless you are comfortable doing so. Because it runs only on provided text and installs nothing, risks are primarily about data you choose to share and the accuracy of its advice — verify negotiation or legal recommendations with a trusted human advisor when needed.

Review Dimensions

Purpose & Capability
ok: The name and description (
Instruction Scope
note: The SKILL.md is an instruction-only skill that provides detailed workflows and templates for diagnosing job-search phases, tailoring resumes, and preparing interviews. It will reasonably prompt for user-provided materials (resume, job descriptions, interview history) and run analysis on those inputs. The instructions do not instruct the agent to read system files, access credentials, or phone home to unknown endpoints. Because it processes personal career data, users should expect the skill to request or accept sensitive personal details (work history, contact info, references).
Install Mechanism
ok: No install spec and no code files are present. This is the lowest-risk model: nothing is written to disk and no external packages are fetched during install.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportional to its stated purpose. The only data it will need in practice is user-supplied personal/career data (resume, job descriptions), which is expected for this functionality.
Persistence & Privilege
ok: always:false and default invocation settings are used. The skill does not request persistent/system privileges or modifications to other skills; it does not attempt to enable itself or write configuration for other components.