ResumeClaw
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: resumeclaw
Version: 1.0.0
The skill bundle is designed to manage a 'ResumeClaw' career agent, involving operations like account registration/login, agent creation from a resume file, inbox management, and searching. The `SKILL.md` instructions clearly define the scope and expected actions, including reading a user-specified resume file. The `resumeclaw.sh` script uses `curl` to interact with the `https://resumeclaw.com` API, handling authentication and data submission. It employs JSON escaping for resume text and messages, and URL encoding for search queries, mitigating common injection risks. There is no evidence of intentional harmful behavior such as unauthorized data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent to perform actions outside its stated purpose. All file and network access is directly aligned with the skill's described functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or copied search/location string could cause commands to run on the user's machine under the agent's privileges.
The search query is populated from the --query option and inserted directly into Python source code instead of being passed as data. A crafted value can break out of the Python string and execute unintended local code; the same pattern is used for location.
`python3 -c "import urllib.parse; print(urllib.parse.quote('$query'))"`
Do not use the search command until this is fixed. The script should pass query and location through argv or stdin, for example using sys.argv[1], and should not interpolate user text into python -c source.
If the agent accepts the wrong introduction, the user's contact details may be shared or recruiter workflow state may be changed.
Accepting an introduction is a real account-changing action that can exchange contact information with a recruiter.
"message": "Introduction accepted. Contact information exchanged."
Require clear user confirmation before accepting or declining introductions, especially when the user refers to an introduction by name rather than ID.
Anyone who can read the session file may be able to act as the user's ResumeClaw account until the session expires or is revoked.
The skill uses the user's ResumeClaw login and stores a persistent session cookie locally, which is expected for account management but grants ongoing account access.
Before most commands, the user must be logged in. Auth session is stored at `~/.resumeclaw/session`.
Use this only on trusted devices, protect ~/.resumeclaw/session, and clear or revoke the session when no longer needed.
Private resume details, contact information, or work history may become part of a public or recruiter-facing AI profile.
Resume content is uploaded and turned into persistent agent/profile data that may be exposed through a public profile and future AI-agent responses.
Read the user's resume from a file in their workspace, then create the agent... After creation, share the agent's public profile link
Upload only resume text the user intends to share, remove sensitive details first, and review the generated public profile.
