Resume & Cover Letter
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent could potentially run local shell commands or access local files within its normal permissions, although the visible instructions do not tell it to do so automatically.
The skill grants local file read/write/search and shell access. File access is purpose-aligned for reading resumes and saving outputs, but Bash is a broad capability for an instruction-only document-generation workflow.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
Use specific input file paths, review any requested file edits, and require explicit confirmation before any Bash command or write outside output/career-docs.
Generated resumes and cover letters may expose personal contact details, employment history, and career information if the output folder is shared, synced, or committed accidentally.
The workflow collects personal career and contact details and persists generated documents locally. This is expected for resume generation, but the resulting files may contain sensitive personal information.
ask for: Name, contact info, location, LinkedIn URL ... Work experience ... Save to `output/career-docs/`
Store outputs in a private location, avoid providing unnecessary personal details, and review generated files before sharing or uploading them.