Resume Generator

v1.0.1

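Intelligently generates professional resumes in multiple templates and formats for programmers and test engineers; it can optimize keywords against a job description (JD) and automatically generate a self-introduction.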

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (resume generation, templates, JD optimization) match the included source files (cli.py, generator.py, tests). There is a small mismatch in SKILL.md marketing (mentions 'Team/API access' in pricing) while the code contains no server/API or credential requirements — this looks like a product/packaging note, not a malicious mismatch.
Instruction Scope
SKILL.md instructs CLI usage and optional pip install. The CLI only reads user-supplied files (JSON, markdown, JD) and writes local output; it does not access unrelated filesystem paths or environment variables, nor does it transmit data to external endpoints in the visible code.
Install Mechanism
Registry contains no install spec (instruction-only), while SKILL.md shows a 'pip install resume-generator' command. That pip line is a user instruction to install the package from PyPI and is common, but installing from PyPI pulls remote code (standard behavior). The skill bundle itself includes Python source files, and there is no automated installer or external downloads in the package.
Credentials
The skill declares no required environment variables, no credentials, and the code does not read env vars. PDF export suggests optional pdfkit/wkhtmltopdf dependencies, but those are only optional tools and not requested as secrets.
Persistence & Privilege
Flags show always:false and normal user-invocable/autonomous settings. The skill does not request permanent system presence or modify other skills; no elevated privileges are requested.
Assessment
This skill appears to be what it claims: a local resume generator. Before installing or running: (1) if you don't already trust the PyPI package name shown in SKILL.md, avoid running the pip install line and instead inspect or run the included source locally in a sandbox; (2) the tool processes personal data (name, email, resume text, JD) locally—don't feed it sensitive secrets or credentials; (3) PDF export relies on optional external tools (pdfkit/wkhtmltopdf) if you need PDF output; and (4) note the SKILL.md mentions 'API access' in pricing but there is no API/client code here—if you expect an online API, ask the author for details. Overall I find no indicators of hidden endpoints, exfiltration, or excessive privileges.

Like a lobster shell, security has layers — review code before you run it.

