ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Interview

🤖 AI 面试系统 - 完整的 AI 面试解决方案 提供求职者和面试官两个 AI Agent,支持飞书群聊面试 + 实时可视化观察。 **功能:** - 👨‍💻 job-seeker - AI 求职者(3年前端,微前端经验) - 👨‍💼 recruiter - AI 面试官(提问、评估候选人) - 📊...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 35 · 0 current installs · 0 all-time installs
byjeeban@jeeban-G
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes job-seeker/recruiter agents plus a web viewer; the included server.py implements that by reading OpenClaw agent session files. Reading sessions is coherent with a viewer, but the server also exposes an unauthenticated API that can delete session files — deletion is beyond a simple viewer and should be explicit and justified.
!
Instruction Scope
Runtime instructions tell the user to run scripts/install.sh and python3 server.py. SKILL.md does not clearly warn that the web viewer will read ~/.openclaw/agents/*/sessions/*.jsonl (sensitive chat history) or that the UI exposes a 'clear' action which causes server.py to delete those files. The instructions grant the skill access to arbitrary agent session content without documenting privacy or auth controls.
Install Mechanism
No network installs or downloads; the packaged install.sh copies local templates and optionally launches the bundled server.py. This local-only install mechanism is low risk in itself.
Credentials
The skill requests no environment variables, which matches the package. SKILL.md asks users to configure Feishu apps and edit ~/.openclaw/openclaw.json (where secrets like appSecret will live); server.py accesses session files containing message contents. Exposing those messages via an unauthenticated HTTP API is a sensitive action and should be explicitly justified and protected.
!
Persistence & Privilege
The skill does not ask for always:true and doesn't alter other skills, which is good. However, server.py provides endpoints that (1) serve session contents over HTTP with Access-Control-Allow-Origin: * and (2) delete session files via /api/clear without authentication. Those behaviors give the skill effective local-data modification privilege and an unauthenticated attack surface (localhost + permissive CORS), increasing risk.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters detected by the pre-scan. This is not expected for a straightforward README and may indicate attempt to alter prompt parsing or injection; it should be reviewed. (No other automated code-scan issues were reported.)
What to consider before installing
This package is mostly what it says: a local web viewer for OpenClaw agent conversations plus templates and an install helper. However, review and consider the following before installing or running the server: 1) server.py reads all session files under ~/.openclaw/agents/*/sessions and will expose their message contents via HTTP — these may contain sensitive conversation data. 2) The API sets Access-Control-Allow-Origin: * and listens on localhost:8091, so local web pages or apps could access it; consider restricting CORS or binding to 127.0.0.1 only. 3) The /api/clear endpoint deletes session files without auth — if you need deletion, require authentication or remove this endpoint. 4) Inspect openclaw.json for stored app secrets (Feishu appSecret) and avoid exposing that file. 5) If you want to use it, run it in a restricted environment (isolated account or VM), back up session files first, or modify server.py to enforce authentication and remove permissive CORS and the unauthenticated delete action. Finally, examine the detected unicode-control characters in SKILL.md and confirm text integrity before trusting automated evaluation steps.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk978xe6d03vwt3w1k4x6xc6zs5834tkd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis

SKILL.md

🤖 AI 面试系统

完整的 AI 面试解决方案,包含求职者和面试官 Agent,支持飞书群聊面试。

系统架构

┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  job-seeker │ ◄── │  飞书群聊   │ ──► │  recruiter  │
│   求职者    │     │             │     │    面试官   │
└─────────────┘     └─────────────┘     └─────────────┘
                          │
                    ┌─────┴─────┐
                    │ web-viewer │
                    │  可视化面板 │
                    └───────────┘

快速开始

方式一:一键安装(需要先配置)

# 1. 配置飞书应用
# 2. 运行安装脚本
cd ~/.openclaw/workspace/skills/ai-interview
./scripts/install.sh

方式二:手动配置

步骤 1:准备飞书应用

需要创建两个飞书应用:

角色App ID用途
job-seekercli_xxxxxxxx求职者 Bot
recruitercli_xxxxxxxx面试官 Bot

每个应用需要权限:

  • im:chat:send_as_bot - 发送消息
  • im:message:content:readonly - 读取消息
  • im:chat:readonly - 查看群信息

步骤 2:配置 openclaw.json

编辑 ~/.openclaw/openclaw.json,添加:

{
  "agents": {
    "list": [
      {
        "id": "job-seeker",
        "name": "求职者",
        "workspace": "~/.openclaw/workspace-job-seeker",
        "model": "moonshot/kimi-k2.5"
      },
      {
        "id": "recruiter",
        "name": "面试官",
        "workspace": "~/.openclaw/workspace-recruiter",
        "model": "moonshot/kimi-k2.5"
      }
    ]
  },
  "channels": {
    "feishu": {
      "accounts": {
        "job-seeker": {
          "appId": "你的job-seeker App ID",
          "appSecret": "你的job-seeker App Secret",
          "enabled": true,
          "agent": "job-seeker"
        },
        "recruiter": {
          "appId": "你的recruiter App ID",
          "appSecret": "你的recruiter App Secret",
          "enabled": true,
          "agent": "recruiter"
        }
      },
      "tools": {
        "agentToagent": true
      }
    }
  }
}

步骤 3:配置 Agent 工作空间

创建 ~/.openclaw/workspace-job-seeker/IDENTITY.md

# 你是求职者

你是参加前端工程师面试的求职者。

## 基本信息
- 姓名:张三
- 经验:3 年前端开发经验
- 技术栈:React, Vue, TypeScript, 微前端, Node.js

## 项目经验
- 参与过企业级微前端架构设计与实现
- 使用 qiankun 框架实现微前端改造

## 行为规则
- 只在飞书群里回复消息
- 被 @ 时才回复面试官
- 保持专业、友好的态度

创建 ~/.openclaw/workspace-recruiter/IDENTITY.md

# 你是面试官

你是负责前端工程师面试的面试官。

## 基本信息
- 公司:某知名互联网公司
- 部门:前端技术部

## 考察重点
- 前端基础(HTML/CSS/JS)
- 框架能力(React/Vue)
- 微前端经验
- 问题解决能力

## 面试流程
1. 开场自我介绍
2. 项目经验介绍
3. 技术问题考察
4. 候选人提问环节
5. 总结与结束

## 行为规则
- 问题循序渐进,由浅入深
- 每轮问题后等待候选人回答
- 保持专业、友好的态度

步骤 4:启动服务

openclaw gateway start

启动可视化面板

cd ~/.openclaw/workspace/skills/ai-interview
python3 server.py

然后打开浏览器访问:http://localhost:8091

使用方法

  1. 把 job-seeker 和 recruiter 两个 Bot 加入同一个飞书群
  2. 在群里 @recruiter 说"开始面试"
  3. 面试官会自动 @job-seeker 开始提问
  4. 可打开可视化面板实时观察对话

故障排除

问题解决
Bot 不回复检查 App Secret 是否正确
消息发不出去检查飞书群权限设置
无法对话确认已启用 agentToagent: true
可视化面板空白检查 server.py 端口是否正确

文件结构

ai-interview/
├── SKILL.md              # 本文件
├── server.py             # 可视化面板后端
├── public/               # 前端静态文件
│   └── index.html
├── scripts/
│   └── install.sh        # 安装脚本
└── config/
    ├── job-seeker/       # 求职者配置模板
    └── recruiter/        # 面试官配置模板

更新日志

  • 2026-03-18: 整合 job-seeker、recruiter、web-viewer 为统一 Skill

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…