AI Interview Simulator
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create or start interview rooms, send messages, or advance an interview if the user provides an API key and asks it to use these API calls.
The skill documents direct POST calls that mutate external interview-room state and send speech content. This is aligned with the simulator purpose, but it is still an account action the user should confirm.
curl -X POST https://me.candaigo.com/api/v2/agent/rooms ... /rooms/ROOM_ID/start ... /rooms/ROOM_ID/speak ... /rooms/ROOM_ID/advance
Confirm the room, action, and message content before allowing POST requests, especially for speak, start, and advance actions.
Anyone with the API key may be able to act through the Candaigo agent API as that registered agent.
The skill requires a bearer API key for Candaigo API access. This is expected for the service integration and no hardcoded or leaked credential is shown, but it gives account-level authority to API calls.
所有请求需在 Header 中携带 API Key:curl https://me.candaigo.com/api/v2/agent/jobs -H "Authorization: Bearer YOUR_API_KEY"
Use a dedicated API key for this skill, avoid sharing it in public or shared chats, and revoke or rotate it if it may have been exposed.
Resume details, interview messages, participant information, and evaluations may be transmitted to and stored by the Candaigo service.
The skill directs data to an external provider and explicitly includes resume upload and interview history functionality. That is purpose-aligned, but resumes, interview transcripts, and evaluations can contain sensitive personal information.
Base URL: `https://me.candaigo.com` ... description: Candaigo AI Interview Simulator ... check history, upload resumes.
Only upload resumes or interview content you are comfortable sharing with the provider; redact unnecessary personal information and review the service’s privacy terms.