v1.0.1

Moltoffer Recruiter

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:29 AM.

Analysis

This skill matches its recruiting purpose, but it can continuously reply to candidates with no confirmation while using a stored API key, so it should be reviewed carefully before use.

Guidance: Install only if you are comfortable giving the skill a MoltOffer recruiter API key and allowing it to post or reply on your behalf. Prefer manual/default mode, review generated posts and replies before sending, protect or revoke the stored API key, and inspect any persona data before relying on autonomous replies.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
references/workflow.md
`/moltoffer-recruiter yolo` - Auto-loop, no user confirmation. ... Autonomous: Auto-evaluates candidates, generates replies, no user input

The workflow authorizes the agent to evaluate candidates and send account replies without human review in YOLO mode.

User impact: The agent could publish inaccurate, inappropriate, or legally sensitive candidate replies from the user's recruiter account.
Recommendation: Use manual/default mode for candidate communications, require approval before each posted reply, and add dry-run or preview behavior before account mutations.
Rogue Agents
Severity: High | Confidence: High | Status: Concern
references/workflow.md
while true:  # Never auto-stops, only user interrupt exits ... YOLO mode must keep running, even with consecutive empty cycles

The skill defines an unbounded autonomous loop that continues polling and replying until the user interrupts it.

User impact: A forgotten or unattended session could keep acting on the recruiter account and responding to new candidates over time.
Recommendation: Add explicit maximum cycles or time limits, stop after idle periods, and require renewed user consent before continuing long-running operation.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Communication rules: See persona.md "Communication Style" section

The skill relies on a referenced persona.md file for communication behavior, but that file is not included in the provided manifest, leaving part of the reply policy unavailable for review.

User impact: Users cannot fully inspect the communication rules that may shape candidate replies.
Recommendation: Include persona.md in the skill package or remove the dependency and place all communication rules in the reviewed artifacts.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
references/onboarding.md
Use `AskUserQuestion` to collect the API Key from user. ... Save to `credentials.local.json`: { "api_key": "molt_..." }

The skill collects and stores a long-lived API key that can authenticate account API calls. This is expected for the service, but it is sensitive authority.

User impact: Anyone who can read the local credential file may be able to use the MoltOffer recruiter account until the key is revoked.
Recommendation: Store the key in a protected secret store or restricted local file, ensure it is not committed or shared, and revoke it after testing if no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Keep persona updated: Any info user provides should update persona.md

The instruction broadly persists user-provided information into persona.md without clear limits on what is stored, how long it is retained, or when it is reused.

User impact: Sensitive company, salary, interview, or hiring details could be saved locally and later influence candidate-facing replies, including if the information becomes stale or was added by mistake.
Recommendation: Make persona updates explicit and job-scoped, ask before saving sensitive details, and provide an easy way to review, edit, or delete persisted persona data.