ClawHub

resume-generator-cn

v1.0.0

简历生成器 - AI 驱动的中英文简历生成、优化、模板(简历中国版)

0· 766·3 current·3 all-time
byGuohongbin@guohongbin-git
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and content (templates, ATS advice, bilingual options) are consistent with a resume generator. However, the README-style instructions depend on local scripts (generate-resume.sh, optimize-resume.sh, analyze-jd.sh) and these scripts are not bundled in the package, which is unexpected for an instruction-driven skill.
!
Instruction Scope
SKILL.md explicitly instructs executing local shell scripts and reading files like resume.md and job-description.txt. Because the referenced scripts are absent, it's unclear what code would run; if an implementation were fetched or created later, those scripts could run arbitrary shell commands. The instructions do not ask to transmit data externally, but they do direct execution of unspecified scripts and access to potentially sensitive local files.
Install Mechanism
No install spec (instruction-only) and no downloads — lowest install risk. The skill won't write new files by itself as packaged.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportional to a resume-generation/optimization tool. Note: the instructions would read local files (resumes, JDs) which can contain PII — normal for this purpose but worth protecting.
Persistence & Privilege
always is false and autonomous invocation is allowed by default; neither is unusual here. The skill does not request persistent system privileges or modify other skills.
What to consider before installing
This package looks like documentation for a resume tool but is missing the ./scripts/*.sh files it instructs you to run. Do not run commands that refer to scripts you can't inspect. Ask the author for the missing scripts or a full install, and review those scripts' contents before executing them. Because those scripts would access local resume and job-description files (which may contain personal data), run any untrusted scripts in a sandbox or disposable environment. Verify provenance (author/homepage is missing) and prefer a version that includes the actual implementation or an official install instruction (e.g., a published repo or release). If you can't obtain the scripts from a trusted source, treat this as incomplete/untrusted and avoid installing or running it on machines with sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk977zsa0bgbcjczgneja259gx581evyq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis

Comments