Resume & Cover Letter
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only resume skill appears aligned with its purpose, but it handles personal career/contact details and has broad local file and shell tool access that users should supervise.
Before installing, confirm you are comfortable giving the skill resume/profile details and local file access. Keep inputs scoped to specific files, review any generated documents before sharing, and do not approve shell commands unless they are clearly necessary.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent could potentially run local shell commands or access local files within its normal permissions, although the visible instructions do not tell it to do so automatically.
The skill grants local file read/write/search and shell access. File access is purpose-aligned for reading resumes and saving outputs, but Bash is a broad capability for an instruction-only document-generation workflow.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
Use specific input file paths, review any requested file edits, and require explicit confirmation before any Bash command or write outside output/career-docs.
Generated resumes and cover letters may expose personal contact details, employment history, and career information if the output folder is shared, synced, or committed accidentally.
The workflow collects personal career and contact details and persists generated documents locally. This is expected for resume generation, but the resulting files may contain sensitive personal information.
ask for: Name, contact info, location, LinkedIn URL ... Work experience ... Save to `output/career-docs/`
Store outputs in a private location, avoid providing unnecessary personal details, and review generated files before sharing or uploading them.