个性化BOSS直聘打招呼生成器和JD对比
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill has a reasonable job-application purpose, but it persistently stores sensitive résumé data with limited user visibility and unnecessarily declares shell access.
Before installing, be comfortable with giving the skill résumé details, job preferences, salary expectations, and screenshots. Ask where the profile is stored and how to delete it, and prefer a version that removes unnecessary Bash access.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused or later expanded, the agent could run local commands unrelated to generating job-application greetings.
The skill declares Bash access even though its stated workflow only needs reading and writing a specific profile file and generating text. Shell access is broader than the documented purpose.
tools: - Read - Write - Bash
Remove Bash from the tool list unless a specific, user-approved shell operation is required; keep file access scoped to the intended profile file.
Your résumé and job-search preferences may remain on disk and influence future outputs, and you may not be clearly told where to inspect or delete that data.
The skill persistently stores detailed personal career data, preferences, and possibly salary information for reuse, while also instructing the agent not to show the user the full storage path.
鼓励用户直接粘贴简历全文或发简历截图... 将所有信息整理成结构化的 markdown,写入 `~/.openclaw/boss-profile.md`... 不要在对话中暴露档案文件的完整路径给用户
Tell users exactly what will be saved, where it is stored, how to view/update/delete it, and ask for confirmation before writing sensitive profile data.