iHRFlow HR Assistant
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent iHRFlow recruiting integration, but it can change sensitive HR records and caches a session token in a predictable temporary file.
Install only if you trust the iHRFlow MCP endpoint and are comfortable letting the assistant act with the configured HR account. Use a least-privilege account, protect the password/API key, and require explicit confirmation before publishing positions, scheduling or canceling interviews, submitting feedback, or changing candidate status.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make consequential recruiting changes, such as publishing roles, scheduling interviews, submitting feedback, or advancing candidates, without a uniformly documented confirmation step.
The documented workflows include state-changing HR operations, while the explicit confirmation rule only covers cancel and reject actions, leaving other significant account mutations less clearly gated.
`create_recruitment_need` -> `update_position_status` (status="active") ... `submit_interview_feedback` -> `update_screening_status` ... **Always** confirm destructive actions (cancel, reject) before executing
Require explicit user confirmation before every state-changing HR action, not only cancellations and rejections; show the target candidate, role, interview time, and exact action before executing.
On shared or compromised systems, another local process may be able to read, replace, or interfere with the cached HR session, depending on file permissions and host configuration.
The script stores the MCP session identifier in a predictable /tmp path without visible chmod or private-directory controls.
`readonly SESSION_FILE="/tmp/ihrflow-mcp-session-${USER:-unknown}"` ... `printf '%s' "$session_id" > "$SESSION_FILE"`
Store sessions in a user-private directory such as ~/.openclaw with chmod 600, avoid predictable /tmp files, validate session IDs, and provide a logout/cleanup path.
The assistant can operate with the configured HR user's permissions and access the tenant data available to that account.
The integration requires user credentials and may use an API key and tenant ID to act against the iHRFlow account.
IHRFLOW_MCP_URL ... IHRFLOW_USERNAME ... IHRFLOW_PASSWORD ... IHRFLOW_TENANT_ID ... IHRFLOW_API_KEY
Use a least-privilege iHRFlow account, protect these environment variables, and avoid using a broad admin account unless necessary.
Sensitive candidate information may be shown in chat responses or retained according to the user's OpenClaw/model logging and history settings.
The skill is designed to retrieve detailed candidate resume information into the agent's working context.
`get_resume_detail` — Get full resume details (education, work history, skills, etc.).
Only request resume details when needed, limit sharing of candidate personal data, and confirm your organization’s retention and privacy settings.
