Boss Zhipin Watcher

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This is presented as a BOSS Zhipin screenshot watcher, but the artifacts also automate recruiting actions such as bulk greetings, candidate messaging, resume collection, WeChat coordination, and persistent workflow state.

Install only if you want full recruiting automation, not merely screenshot capture. Review the scripts first, remove or fix hardcoded local dependencies, keep desktop failsafes enabled, use explicit approval before any outbound message or batch action, and decide how candidate personal data and resumes will be stored, shared, and deleted.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A bad coordinate, wrong active window, or mistaken task could send many greetings or click unintended UI elements, and the normal mouse-corner failsafe would be disabled.

Why it was flagged

The script disables PyAutoGUI's emergency failsafe and then performs repeated automated greeting clicks, which is high-impact desktop control without a clear per-action approval gate.

Skill content

pyautogui.FAILSAFE = False ... for _ in range(initial_data["targets"]["greetings"]):
            self.click_element(*CONFIG["greeting_button"])

Recommendation

Keep PyAutoGUI failsafe enabled, require explicit user approval before any batch action, cap batch sizes, and verify the target window and button before each send/click operation.

What this means

The skill could act as you in BOSS Zhipin or related recruiting chats, including asking for WeChat, requesting resumes, or sending other HR messages.

Why it was flagged

The script can type and send recruiting messages through the user's logged-in desktop account, extending beyond passive screenshot/reading behavior.

Skill content

pyautogui.typewrite(HR_PHRASES["wechat_exchange"])
        time.sleep(0.5)
        self.click_relative("send_btn", 1.0)
        print("📩 已发送微信交换请求")

Recommendation

Declare the account authority clearly, require user review before every outbound candidate message, and consider using a test or limited-permission account.

What this means

Candidate chats, resumes, names, schools, work history, and other personal details may be saved locally and processed by the agent/vision model.

Why it was flagged

The skill explicitly captures and analyzes chat and candidate personal information, but the artifacts do not define retention, redaction, consent, or reuse boundaries for this sensitive data.

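Skill content

AI reads the screenshot and uses visual understanding to extract text/information ... chat messages ... personal information: names, schools, work experience, etc.

Recommendation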

Add clear data-handling controls: minimize screenshots, redact personal data where possible, define retention/deletion behavior, and require user consent before processing or sharing candidate information.

What this means

The behavior depends on local code outside this skill; if that helper is missing or changed, the skill may fail or execute unreviewed code while processing screenshots.

Why it was flagged

The script runs a hardcoded OCR helper from another local skill path that is not declared in the install requirements or included as part of this skill's reviewed dependency set.

Skill content

OCR_SCRIPT_PATH = r"C:\Users\liuxuejiao\.openclaw\workspace\skills\ocr-local\scripts\ocr.js" ... subprocess.run(["node", OCR_SCRIPT_PATH, str(screenshot_path), "--lang", "chi_sim"],

Recommendation

Declare all required binaries and helper scripts, include reviewed helper code with the skill or pin a trusted dependency, and avoid hardcoded user-specific paths.

Concern, High Confidence
ASI08: Cascading Failures

What this means

A single mistaken classification or click could lead to follow-on actions such as collecting the wrong resume, contacting the wrong person, or sending an unintended offer-related message.

Why it was flagged

The workflow chains recruiting actions across chats, resumes, phone contact, offers, stateful resume, and retries, so one bad OCR result or UI action can propagate through later steps.

Skill content

state_file: .workflow_state.json ... candidate_response ... resume_collection ... phone_contact ... send_offer ... retry_limit: 3

Recommendation

Break the workflow into user-approved checkpoints, disable automatic retries for high-impact steps, and require confirmation before calls, offer messages, resume handling, and external sharing.