Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Screen Chat Resumes

v1.0.0

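Screens candidate resumes from the BOSS直聘 chat list for candidates with a full-time bachelor's degree, 2-8 years of experience, and React as their primary technology, with preference given to those proficient with AI tools.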

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the SKILL.md: instructions describe opening the BOSS直聘 chat list, viewing each candidate's details, and recording the specified fields. No unrelated binaries/configs are requested.
! Instruction Scope
The instructions tell the agent to open https://www.zhipin.com/web/chat/index, navigate each candidate's detail, extract PII (name, school, salary, etc.) and then 'send to the user via DingTalk; use the message tool to send to the user's DingTalk account'. That outbound messaging step is external and not specified (no auth, no target address format, no privacy handling). The skill also expects UI/browser interaction but gives no guardrails about authentication, rate limits, or PII protection.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest installation risk. Nothing is written to disk by the skill itself.
! Credentials
SKILL.md requires sending data to DingTalk but requires.env and primary credential are empty. If the agent must access a DingTalk token/account or the user's BOSS session, those credentials are not declared — a mismatch that could hide required privileges or cause silent failures. The skill will handle candidate PII but offers no declaration about where secrets/credentials are needed or stored.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is allowed but is the platform default; no extra privilege was requested.
What to consider before installing
This skill's task (filter candidates on BOSS直聘) is coherent, but it instructs the agent to send filtered results to DingTalk without declaring any credentials or how that will be authorized. Before installing or using it, ask the skill author: (1) How will the agent authenticate to BOSS直聘 and DingTalk? What credentials/tokens are required and where will they be stored? (2) Exactly which 'message tool' is used and does it require a webhook or access token? (3) How is candidate personal data protected and where are results transmitted/stored? If the author cannot provide clear answers or insists the agent already has access, treat the skill as risky and avoid granting access to your DingTalk/BOSS account or any tokens until you verify. If you proceed, limit the skill's access to only the minimum messaging credential (e.g., a single outgoing webhook) and verify the data destination.


Tags: boss, latest, recruit, resume
