recruitment-assistant

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only résumé screening helper with no hidden code or install behavior, but it will handle sensitive candidate data and generate hiring-related reports.

Before installing, make sure the jobs folder contains only the résumés you intend to process, protect the generated reports, and treat AI scores and interview questions as drafts for human review rather than final hiring decisions. Verify your agent/model data-handling setup if your organization requires candidate data to remain strictly local.

Static analysis

Static analysis findings are pending for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Candidate contact details, evaluations, and rankings may be stored in generated reports and exposed if the job folder or report is shared too broadly.

Why it was flagged

The skill explicitly extracts applicant personal data from résumés and saves AI-generated evaluation reports locally.

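Skill content

“Basic information | Extract name, contact details, years of work experience, and education from the content” ... “Generated reports are saved in the local job folder”

Recommendation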

Use only intended résumé folders, restrict access to generated reports, and delete or redact reports when they are no longer needed.

What this means

Stale, overly broad, or unintentionally edited interviewer preferences could affect later candidate evaluations.

Why it was flagged

A persistent preference file can influence screening and interview-question generation across multiple roles.

Skill content

“personalprefer.txt: placed in the jobs/ root directory” ... “Globally shared: all positions use the same interviewer preference configuration”

Recommendation

Limit who can edit personalprefer.txt, review it before important screening runs, and avoid storing irrelevant or legally sensitive hiring criteria in it.

What this means

Users may assume the entire agent environment satisfies a no-cloud/no-upload requirement for candidate data.

Why it was flagged

The documentation makes a broad privacy assurance for sensitive recruitment data.

Skill content

“All processing is done locally” / “Résumé data is not uploaded to the cloud”

Recommendation

If recruitment data must not leave a controlled environment, confirm the host agent and model-provider configuration meet that requirement before use.