麻麻cli
Advisory
Audited by VirusTotal on Apr 17, 2026.
Overview
Type: OpenClaw Skill
Name: mama-cli
Version: 1.0.1

The mama-cli skill bundle is a browser automation tool designed for the BOSS Zhipin recruitment platform. It provides structured instructions in SKILL.md for filtering candidates, managing messages, and downloading resumes using the user's local browser profile. The skill includes explicit safety constraints, such as forbidding access to cookies, storage, and network requests, and implements anti-detection measures like random delays and frequency limits. The behavior is clearly aligned with its stated recruitment purpose and lacks indicators of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may continue performing account actions and data export after an intermediate result, rather than pausing for the user to confirm.
The skill changes stopping conditions and pushes the agent to continue through all candidates and export to Feishu unless a narrow failure condition occurs.
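Do not stop midway: the task must be carried through to completion (navigation → list → iterate over all candidates → report → Feishu)... otherwise you must not stop after completing one stage.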
Use only with explicit task boundaries, such as a maximum number of candidates and a requirement to ask before sending messages, downloading resumes, or exporting reports.
Mistakes or overbroad criteria could send unwanted messages to candidates, mishandle resumes, or alter the user's recruiting workflow at scale.
The browser automation is instructed to mutate the user's recruiting account by contacting candidates, reading chats, requesting resumes, receiving resumes, and downloading files.
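Click the "Say hello" ("打招呼") or "Chat now" ("立即沟通") button... For each candidate: enter the chat → read messages → view resume details... Already sent → accept + download | Not sent → request it with a canned phrase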
Require review before each batch of outbound messages and before each resume download or request; set strict candidate count and filtering limits.
The agent acts as the logged-in user on BOSS 直聘, so actions are tied to the user's real account.
The skill relies on the user's existing logged-in browser session instead of an isolated browser profile.
profile: "user" # Use the user's already logged-in browser, reusing the existing cookies/login state... Isolated mode is forbidden: using `profile="openclaw"` is strictly prohibited.
Run this only in a browser session dedicated to the intended BOSS account, and monitor the automation while it operates.
The reviewed artifact may not include all operational guidance the skill expects the agent to follow.
SKILL.md depends on referenced scenario files under scripts/, but the provided manifest contains only SKILL.md, so those detailed instructions were not available for review.
For details, see [Scenario J: Handling candidates' unread messages (with filter criteria)](scripts/scenario_handle_unread_with_filter.md)
Do not rely on missing scenario documents unless you can inspect them separately; prefer a complete package with all referenced files present.
Candidate information and screening decisions may be copied into a persistent third-party document space.
The skill directs candidate screening results and potentially resume-derived information into Feishu through another skill, without showing clear approval, data minimization, or boundary controls.
Report generation: Markdown format, including passed/failed/statistics... Feishu import: use the feishu-cli-import skill
Ask the agent to show the report first, remove unnecessary personal data, and get explicit permission before importing anything into Feishu.
