Hire

Security checks across malware telemetry and agentic risk

Overview

This instruction-only hiring wizard is coherent with its purpose, but it can create persistent agent files, share team memory by default, and optionally set scheduled review jobs, so users should review those choices.

Before installing or using this skill, be prepared to review the generated agent's tools, autonomy, boundaries, shared memory links, and any optional cron-based performance review schedule. The behavior is disclosed and matches the skill's purpose, but it affects persistent agent configuration.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

A newly created agent may be given broader tools or autonomy than the user intended if the inferred role rules are not checked.

Why it was flagged

The skill generates rules that can define a future agent's allowed actions and autonomy. This is purpose-aligned for a hiring wizard, but users should review the generated permissions.

Skill content
AGENTS.md - Role definition, responsibilities, operational rules, what they do freely vs ask first
Recommendation

Review the summary card and generated AGENTS.md/TOOLS.md before using the new agent, especially the tools, boundaries, and 'ask first' rules.

ASI06: Memory and Context Poisoning
Medium
What this means

The new agent may see shared user details and team memory, and information added by one agent may affect another agent later.

Why it was flagged

The skill links the new agent to shared user and memory files by default, which can expose personal/team context and allow shared memory to influence future agent behavior.

Skill content
USER.md → `../../USER.md` ... MEMORY.md → `../../MEMORY.md` (shared team context)
Recommendation

Only keep these shared links if the new agent should have shared context; otherwise replace them with isolated files or narrower context.

ASI10: Rogue Agents
Medium
What this means

If enabled, scheduled review conversations may continue until the schedule is changed or stopped.

Why it was flagged

A cron job is a persistence mechanism that can cause future scheduled activity. The artifact frames it as optional and asks the user for frequency, so this is a disclosure note rather than a concern.

Skill content
Create a cron job that triggers a review conversation
Recommendation

Enable performance-review scheduling only if desired, confirm the frequency, and make sure you know how to disable the cron job later.