ResumeClaw

Audited by ClawScan on May 10, 2026.

Overview

ResumeClaw is mostly a coherent recruiting integration, but its search command can run unintended local code from crafted search or location text while the skill also handles sensitive resume and account data.

Wait for the search command injection issue to be fixed before installing or using this skill. If you still test it, do not pass untrusted search or location text. Also verify the ResumeClaw service URL before entering credentials, protect the ~/.resumeclaw/session file, sanitize resume content before upload, and explicitly confirm any accept or decline action for recruiter introductions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or copied search/location string could cause commands to run on the user's machine under the agent's privileges.

Why it was flagged

The search query is populated from the --query option and inserted directly into Python source code instead of being passed as data. A crafted value can break out of the Python string and execute unintended local code; the same pattern is used for location.

Skill content

python3 -c "import urllib.parse; print(urllib.parse.quote('$query'))"

Recommendation

Do not use the search command until this is fixed. The script should pass query and location through argv or stdin, for example using sys.argv[1], and should not interpolate user text into python -c source.
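The flagged pattern beside the argv-based fix the recommendation describes, as an added example (not the skill's or ClawScan's own code); the helper names are assumed, and the input is a constructed, legitimate location value that happens to contain an apostrophe.

```shell
#!/bin/sh
# Added example, not part of the ResumeClaw skill. Shows why interpolating
# shell variables into python -c source is fragile and how passing the value
# through argv keeps it as data.

# Flagged pattern: the shell expands $query inside the Python string literal,
# so any quote in the value alters the Python program text instead of the data.
urlencode_interpolated() {
  query="$1"
  python3 -c "import urllib.parse; print(urllib.parse.quote('$query'))"
}

# Fixed pattern: the Python source is a fixed single-quoted string and the
# user value arrives as sys.argv[1], which Python only ever treats as data.
urlencode_argv() {
  python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1]))' "$1"
}

# Constructed inputs: a location with an apostrophe and a query with spaces.
location="O'Brien & co"
query="senior engineer"

echo "argv form, location:    $(urlencode_argv "$location")"   # O%27Brien%20%26%20co
echo "argv form, query:       $(urlencode_argv "$query")"      # senior%20engineer

# The interpolated form cannot even handle the legitimate apostrophe:
# Python sees print(urllib.parse.quote('O'Brien & co')) and exits with an error.
if urlencode_interpolated "$location" >/dev/null 2>&1; then
  echo "interpolated form: unexpectedly succeeded"
else
  echo "interpolated form: failed on a value containing a quote"
fi
```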

What this means

If the agent accepts the wrong introduction, the user's contact details may be shared or recruiter workflow state may be changed.

Why it was flagged

Accepting an introduction is a real account-changing action that can exchange contact information with a recruiter.

Skill content

"message": "Introduction accepted. Contact information exchanged."

Recommendation

Require clear user confirmation before accepting or declining introductions, especially when the user refers to an introduction by name rather than ID.

What this means

Anyone who can read the session file may be able to act as the user's ResumeClaw account until the session expires or is revoked.

Why it was flagged

The skill uses the user's ResumeClaw login and stores a persistent session cookie locally, which is expected for account management but grants ongoing account access.

Skill content

Before most commands, the user must be logged in. Auth session is stored at `~/.resumeclaw/session`.

Recommendation

Use this only on trusted devices, protect ~/.resumeclaw/session, and clear or revoke the session when no longer needed.

What this means

Private resume details, contact information, or work history may become part of a public or recruiter-facing AI profile.

Why it was flagged

Resume content is uploaded and turned into persistent agent/profile data that may be exposed through a public profile and future AI-agent responses.

Skill content

Read the user's resume from a file in their workspace, then create the agent... After creation, share the agent's public profile link

Recommendation

Upload only resume text the user intends to share, remove sensitive details first, and review the generated public profile.