Skillv1.0.0

ClawScan security

反AI简历筛查助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 8:09 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only resume/ATS optimization toolbox and its requested resources, instructions, and files are coherent with that purpose — no unusual binaries, credentials, install steps, or hidden endpoints are present.
Guidance: This skill is an instruction-only resume optimizer and appears internally consistent. Before using it: (1) redact unnecessary highly sensitive personal data (national ID, passport number, home address, marital status) from any resume you upload; (2) review and confirm any quantitative claims the skill produces — do not submit fabricated or unverifiable numbers to employers; (3) if you must share company-confidential material, remove sensitive details first; (4) remember the platform/model handling your upload may transmit the resume text to a remote service (check the agent/platform privacy settings). If you want stronger guarantees, avoid uploading full documents and paste only the excerpts needed for optimization.

Purpose & Capability: okName/description promise ATS- and AI-focused resume optimization. The skill is instruction-only, contains templates and reference guides, and does not request unrelated binaries, environment variables, or cloud credentials. The declared capabilities align with the provided materials.
Instruction Scope: noteRuntime instructions ask the agent to request/upload resumes and JDs (expected). The guidance stays within resume optimization (diagnosis, keyword extraction, STAR rewriting, template output). One notable point: references advise using approximate numbers or ‘量级’ phrasing when precise metrics aren't available — this can encourage inventing or inflating quantifications if misused. The skill does state '真实性：优化表达，不编造经历', but users should confirm all quantitative claims before submitting applications.
Install Mechanism: okNo install spec and no code files that execute — lowest-risk model. All files are plain documentation/templates. No downloads or extraction steps are present.
Credentials: okThe skill requests no environment variables, credentials, or config paths. There are no credential requests that would be disproportionate to resume optimization.
Persistence & Privilege: okalways is false and the skill does not request persistent system presence or modify other skills. It is user-invocable and may be invoked autonomously by the agent (platform default), which is expected for such a skill.