Interview Buddy
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent third-party interview-coaching API skill with expected API-key, billing, and data-sharing considerations, but no evidence of hidden code, destructive behavior, or deception.
This appears safe to install if you intentionally want a ToolWeb-backed mock interview coach. Before using it, be comfortable sharing interview practice content with ToolWeb, protect your TOOLWEB_API_KEY, and watch your usage because successful API calls may count against a free trial or paid subscription.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Interview coaching requests will be routed to ToolWeb’s API, and repeated use may consume quota or paid calls.
The skill directs the agent to use curl to call a specific external API for the service rather than generating answers locally. This is purpose-aligned for an API-backed interview coach, but it makes external tool use the default behavior.
ALWAYS call the ToolWeb API endpoint using curl. Do NOT answer from your own knowledge.
Use the skill when you intend to use ToolWeb’s hosted service, and monitor API usage or billing during long practice sessions.
Anyone or any agent with access to the configured API key may be able to make ToolWeb API calls against the user’s account quota.
The skill requires a ToolWeb API key and uses it in the X-API-Key header. This is expected for the service, but the key controls access to the user’s ToolWeb subscription or quota.
`TOOLWEB_API_KEY` — Get your API key from [portal.toolweb.in](https://portal.toolweb.in)
Store the API key securely, use a dedicated or limited key if ToolWeb supports it, and rotate the key if it may have been exposed.
Personal career history, employer details, interview preparation notes, or confidential work examples may be transmitted to ToolWeb.
The workflow sends user interview answers and career details to the external ToolWeb API. This is central to the skill’s purpose, but the artifacts do not describe retention or privacy handling.
-d '{"question": "In my previous role, I led a team of 5 engineers to deliver a microservices migration that reduced latency by 40%..."}'Avoid sharing confidential employer, customer, or proprietary information unless you are comfortable with ToolWeb processing it under its privacy terms.