Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Resume Cog
v1.0.10AI resume and cover letter generation powered by CellCog. ATS-optimized resumes, CVs, cover letters, LinkedIn profiles, career documents — PDF or DOCX. Resea...
⭐ 1· 735·3 current·3 all-time
byCellCog@nitishgargiitd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description and the instructions align: the skill is a wrapper that uses CellCog to generate resumes, cover letters, LinkedIn content, and output PDFs/DOCX. However, the SKILL.md lists a dependency on 'cellcog' (SDK) while the skill package declares no install spec, no required env vars, and no primary credential. That omission is plausible if the platform supplies the cellcog integration separately, but it is an inconsistency that should be clarified.
Instruction Scope
SKILL.md contains only usage examples calling CellCog client APIs (create_chat) and guidance on prompt content and modes. It does not instruct the agent to read unrelated system files, scan unrelated environment variables, or exfiltrate data to unexpected endpoints within the visible text. The instructions do mention file handling and output formats (PDF/DOCX), which implies file I/O but within the scope of resume generation.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — low install risk. There are no downloads, package installs, or archive extracts in the skill itself.
Credentials
No environment variables, API keys, or credentials are declared even though the skill depends on the external CellCog SDK/service. A resume-generation service typically requires an API key or account credentials and will transmit personal data (names, work history, contact info) to the vendor's servers. The omission of any declared primary credential or guidance about where to configure CellCog auth is an inconsistency that could lead to accidental leakage or unclear trust assumptions.
Persistence & Privilege
Skill metadata sets always:false and user-invocable:true; it does not request persistent privileges or to modify other skills. As an instruction-only skill it does not install background components or configure persistent access.
What to consider before installing
This skill appears to do what it says (use CellCog to create ATS-optimized resumes), but there are a few things to confirm before installing/using it:
- Ask the publisher or platform where the 'cellcog' SDK/integration comes from and whether you must provide an API key or account credential. The SKILL.md implies an external service but the skill package declares no required credentials.
- Confirm data flow and privacy: resumes contain highly sensitive PII (employment history, contact info). Verify CellCog's privacy policy and whether documents are sent to their servers, how long they are stored, and whether you can opt out of retention.
- If you must provide an API key, ensure you create a least-privilege key scoped for resume generation only, and avoid reusing highly privileged credentials.
- Because the skill produces files (PDF/DOCX), check where those files will be written and whether the agent/platform restricts access to other system files.
If the publisher can confirm that the CellCog integration is provided by a platform-level skill (and explain where/when credentials are requested), this reduces the concern. Without that clarification, proceed cautiously and avoid submitting sensitive real-world data until you understand authentication and data-handling details.Like a lobster shell, security has layers — review code before you run it.
latestvk97891wqme9pcp2yr757m046g984v1nd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📝 Clawdis
OSmacOS · Linux · Windows