Resume Ats
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent resume/ATS command-line tool with no evidence of hidden exfiltration or destructive behavior, though users should notice its optional API key setup, Python package installation, and local storage of resume data.
This skill appears safe to install if you trust the Python package source. Before using it, be aware that resumes may contain personal data, avoid adding an OpenAI API key unless you actually need an AI feature, and keep any generated database or .env file in a private location.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing from an external package index could run package installation code from that source.
The skill offers a user-directed install path that can fetch a Python package by name rather than necessarily using only the reviewed local files. This is common for CLI tools, but package provenance and version should be checked.
pipx install resume-ats
Prefer the reviewed local editable install when available, or verify the package publisher and version before using pipx.
If a user adds an API key, future or modified functionality could use that account and incur access or billing impact.
The skill documents an optional API key for future AI-powered features. API keys are sensitive credentials, though the provided code only loads this setting and does not show transmission, logging, or use of the key.
OPENAI_API_KEY=your_openai_api_key_here
Do not add an API key unless a needed feature requires it; use a scoped key when possible and revoke it if no longer needed.
Resume and job-description details may remain on disk after use.
The storage layer is designed to persist resume file paths, content, keywords, and scores in a local SQLite database. Resume content can contain personal information, so local retention matters even though it is purpose-aligned.
CREATE TABLE IF NOT EXISTS resumes ( ... file_path TEXT NOT NULL UNIQUE, content TEXT, keywords TEXT, ats_score INTEGER, ... )
Keep DB_PATH in a private local directory, avoid shared folders, and delete the database when you no longer need stored resume data.