GLM-V-Resume-Screen
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill matches its resume-screening purpose, but it uses a Zhipu API key and sends resume contents to Zhipu's model, so candidate data and credentials should be handled carefully.
Before installing, make sure you are comfortable sending candidate resumes and criteria to Zhipu's GLM-V API. Protect the ZHIPU_API_KEY, process only data you are authorized to share, and install PyMuPDF from a trusted Python environment if you need local PDF support.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide a Zhipu API key that could be charged or abused if exposed.
The skill requires a provider API credential. This is expected for the stated Zhipu integration, but the key can authorize account usage and billing.
This script reads the key from the `ZHIPU_API_KEY` environment variable
Use a dedicated or least-privileged API key where possible, store it only in trusted configuration or environment variables, and rotate it if exposure is suspected.
Candidate resumes and screening criteria may be sent to Zhipu's service for processing.
Resume contents, including local PDF pages, are transmitted to an external model provider. This is disclosed and central to the skill, but it involves sensitive candidate data crossing a provider boundary.
Local PDF files are converted page-by-page into images (base64) before sending to the model.
Use the skill only for resumes you are authorized to share with the provider, review applicable privacy/data-retention terms, and avoid including unnecessary sensitive information.
Users who need local PDF support may install an additional package into their Python environment.
The local PDF workflow depends on a manually installed Python package. The dependency is disclosed and purpose-aligned, but package installation changes the local environment.
`PyMuPDF` is required (`pip install PyMuPDF`).
Install dependencies from trusted sources, preferably in a virtual environment, and avoid running package installation commands from untrusted modifications of the skill.