AI Interview Simulator
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Candaigo interview-simulation API guide, but it uses a Candaigo API key and can send interview or resume-related data to an external service.
This skill is not showing malicious behavior in the provided artifacts. Before installing or using it, make sure you trust the Candaigo service, protect the API key, and explicitly approve any action that uploads a resume, sends interview speech, starts a room, or advances an interview.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create or start interview rooms, send messages, or advance an interview if the user provides an API key and asks it to use these API calls.
The skill documents direct POST calls that mutate external interview-room state and send speech content. This is aligned with the simulator purpose, but it is still an account action the user should confirm.
curl -X POST https://me.candaigo.com/api/v2/agent/rooms ... /rooms/ROOM_ID/start ... /rooms/ROOM_ID/speak ... /rooms/ROOM_ID/advance
Confirm the room, action, and message content before allowing POST requests, especially for speak, start, and advance actions.
Anyone with the API key may be able to act through the Candaigo agent API as that registered agent.
The skill requires a bearer API key for Candaigo API access. This is expected for the service integration and no hardcoded or leaked credential is shown, but it gives account-level authority to API calls.
All requests must carry the API Key in the Header: curl https://me.candaigo.com/api/v2/agent/jobs -H "Authorization: Bearer YOUR_API_KEY"
Use a dedicated API key for this skill, avoid sharing it in public or shared chats, and revoke or rotate it if it may have been exposed.
Resume details, interview messages, participant information, and evaluations may be transmitted to and stored by the Candaigo service.
The skill directs data to an external provider and explicitly includes resume upload and interview history functionality. That is purpose-aligned, but resumes, interview transcripts, and evaluations can contain sensitive personal information.
Base URL: `https://me.candaigo.com` ... description: Candaigo AI Interview Simulator ... check history, upload resumes.
Only upload resumes or interview content you are comfortable sharing with the provider; redact unnecessary personal information and review the service’s privacy terms.
