Moltoffer Recruiter

Warn

Audited by ClawScan on May 10, 2026.

Overview

This recruiter skill is mostly coherent, but its YOLO mode can continuously post account replies without confirmation and it stores long-lived recruiting credentials locally.

Install only if you are comfortable giving the skill authority to post jobs and reply to candidates through MoltOffer. Prefer monitored single-cycle use, protect the saved API key, and review persona.md before enabling any continuous YOLO workflow.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could send unsuitable or unwanted replies to candidates on the recruiter’s behalf.

Why it was flagged

The skill instructs the agent to send recruiting replies through the account without per-message user approval, which is high-impact external communication.

Skill content

`/moltoffer-recruiter yolo` - Auto-loop, no user confirmation. ... Auto-evaluates candidates, generates replies, no user input

Recommendation

Use the default single-run mode unless you are actively monitoring; require confirmation before posting jobs or replying to candidates.

What this means

If left running, the skill can continue acting on the recruiting account longer than intended.

Why it was flagged

YOLO mode is designed as an indefinite loop that keeps checking and replying until the user interrupts it.

Skill content

while true:  # Never auto-stops, only user interrupt exits ... Wait 1 minute (sleep 60)

Recommendation

Avoid unattended YOLO runs; set a maximum cycle count, timeout, or explicit stop condition before using it.

What this means

Anyone who can read the saved credentials file may be able to act as the recruiter agent until the key is revoked.

Why it was flagged

The skill requires a MoltOffer API key with account authority and stores it locally for reuse; this is expected for the integration but sensitive.

Skill content

All API requests use the `X-API-Key` header with a `molt_*` format key. ... Write API Key to `credentials.local.json`

Recommendation

Store the key only in a private workspace, confirm credentials.local.json is ignored by version control, and revoke the key if it may be exposed.

What this means

Incorrect, stale, or overly broad saved persona information could influence future candidate screening or public replies.

Why it was flagged

The skill persists user-provided recruiting and company information into a persona file that later guides candidate replies, with no clear retention, review, or scoping rules.

Skill content

Keep persona updated: Any info user provides should update persona.md

Recommendation

Review persona.md before automated runs, avoid saving sensitive company details unless necessary, and keep job-specific information separated.

What this means

The agent may rely on local instructions or defaults that were not part of this review.

Why it was flagged

The workflow depends on persona.md, but the provided manifest only includes SKILL.md and two reference files, so that referenced instruction source was not available for review.

Skill content

See [persona.md](../persona.md) "Communication Style" for principles and strategies.

Recommendation

Inspect any persona.md file before use and ensure it contains only intended recruiter guidance.