Boss Zhipin Watcher
Pass
Audited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill
Name: boss-zhipin-watcher
Version: 1.0.2
The bundle provides extensive UI automation for the BOSS Zhipin recruitment platform, including screenshot capture, OCR-based text extraction, and automated messaging. It is classified as suspicious because it explicitly disables the pyautogui safety failsafe (pyautogui.FAILSAFE = False in auto_task.py), which prevents users from manually interrupting the script in an emergency. Furthermore, the bundle automates the collection of sensitive personal data (resumes and chat logs) and performs automated interactions (greetings/replies) that could be used for spamming or unauthorized data harvesting, while relying on hardcoded local paths and external subprocess calls.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad coordinate, wrong active window, or mistaken task could send many greetings or click unintended UI elements, and the normal mouse-corner failsafe would be disabled.
The script disables PyAutoGUI's emergency failsafe and then performs repeated automated greeting clicks, which is high-impact desktop control without a clear per-action approval gate.
pyautogui.FAILSAFE = False ... for _ in range(initial_data["targets"]["greetings"]):
self.click_element(*CONFIG["greeting_button"])
Keep the PyAutoGUI failsafe enabled, require explicit user approval before any batch action, cap batch sizes, and verify the target window and button before each send/click operation.
The skill could act as you in BOSS Zhipin or related recruiting chats, including asking for WeChat, requesting resumes, or sending other HR messages.
The script can type and send recruiting messages through the user's logged-in desktop account, extending beyond passive screenshot/reading behavior.
pyautogui.typewrite(HR_PHRASES["wechat_exchange"])
time.sleep(0.5)
self.click_relative("send_btn", 1.0)
print("📩 已发送微信交换请求")
Declare the account authority clearly, require user review before every outbound candidate message, and consider using a test or limited-permission account.
Candidate chats, resumes, names, schools, work history, and other personal details may be saved locally and processed by the agent/vision model.
The skill explicitly captures and analyzes chat and candidate personal information, but the artifacts do not define retention, redaction, consent, or reuse boundaries for this sensitive data.
The AI reads screenshots and uses visual-understanding capabilities to extract text/information ... chat messages ... personal information: name, school, work experience, etc.
Add clear data-handling controls: minimize screenshots, redact personal data where possible, define retention/deletion behavior, and require user consent before processing or sharing candidate information.
The behavior depends on local code outside this skill; if that helper is missing or changed, the skill may fail or execute unreviewed code while processing screenshots.
The script runs a hardcoded OCR helper from another local skill path that is not declared in the install requirements or included as part of this skill's reviewed dependency set.
OCR_SCRIPT_PATH = r"C:\Users\liuxuejiao\.openclaw\workspace\skills\ocr-local\scripts\ocr.js" ... subprocess.run(["node", OCR_SCRIPT_PATH, str(screenshot_path), "--lang", "chi_sim"],
Declare all required binaries and helper scripts, include reviewed helper code with the skill or pin a trusted dependency, and avoid hardcoded user-specific paths.
A single mistaken classification or click could lead to follow-on actions such as collecting the wrong resume, contacting the wrong person, or sending an unintended offer-related message.
The workflow chains recruiting actions across chats, resumes, phone contact, offers, stateful resumption from a saved state file, and retries, so one bad OCR result or UI action can propagate through later steps.
state_file: .workflow_state.json ... candidate_response ... resume_collection ... phone_contact ... send_offer ... retry_limit: 3
Break the workflow into user-approved checkpoints, disable automatic retries for high-impact steps, and require confirmation before calls, offer messages, resume handling, and external sharing.
