UP Resume - Let an Agent help you write your resume and find a job

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a coherent resume and job-search helper, but its job-monitoring workflow creates persistent scheduled tasks and includes an unsafe cron cleanup instruction that could remove unrelated user jobs.

Install only if you are comfortable connecting a UPCV API key and letting the assistant read and edit resume data. Be especially careful with the job-monitor feature: review any generated cron or launchd task before enabling it, and do not use `crontab -r` to stop it unless you truly intend to remove all cron jobs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent gives or runs this stop command, the user could lose unrelated scheduled tasks on their machine.

Why it was flagged

`crontab -r` removes the user's entire crontab, not just the monitor entry created by this skill. That is an overbroad and potentially destructive cleanup instruction.

Skill content

How to stop monitoring (provide the launchctl unload / crontab -r commands)

Recommendation

Replace `crontab -r` with instructions that remove only the generated monitor line, such as `crontab -e` and deleting the specific entry, and require explicit user confirmation before changing scheduled tasks.

What this means

The assistant may run scheduled job-search queries and generate reports even when the user is not actively chatting.

Why it was flagged

The skill intentionally creates a persistent scheduled monitor that runs periodically, which is disclosed and purpose-aligned but important for users to understand.

Skill content

Create the `monitor.sh` script + a launchd/cron scheduled task

Recommendation

Only enable monitoring if you want ongoing background execution, review the generated script and schedule, and keep a safe stop procedure.

What this means

Installing the MCP server means trusting external package code and the UPCV service with the API key and resume/job-search operations.

Why it was flagged

The skill relies on an external npm-distributed MCP server that is not included in the reviewed artifacts and is not pinned to a version.

Skill content

`claude mcp add upcv -- npx @upcv/mcp-server --api-key YOUR_API_KEY`

Recommendation

Verify the package source, consider pinning a known version, and use a revocable API key.

What this means

The assistant can read, edit, print, and potentially delete resumes in the connected account.

Why it was flagged

The skill can access and mutate resume data through the user's UPCV account, including deletion, which is expected for a resume editor but sensitive.

Skill content

`resume.get` | Get the full resume data ... `resume.delete` | Delete a resume

Recommendation

Review changes before applying them, require explicit confirmation for destructive actions, and revoke the API key if you stop using the skill.

What this means

Future application guidance may rely on old or incorrect locally stored ATS notes.

Why it was flagged

The skill persists ATS form-structure notes for reuse across applications. This is purpose-aligned, but persistent records can become stale or be over-trusted.

Skill content

Read the memory file `ats-records/` directory ... record the ATS form structure to a memory file

Recommendation

Check reused ATS records before relying on them and avoid storing sensitive personal values such as ID numbers in these files.