nexus-talent-assessor
v2.1.0
Adaptive competency assessment with skill gap analysis, 360-feedback, and career path recommendations.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and workflows (adaptive assessment, skill-gap analysis, 360-feedback, recommendations) align. The SKILL.md contains no unrelated env vars, binaries, or install steps. One minor incoherence: pricing is listed (per-execution, outcome-based contracts) but there is no install or payment integration described—this is an operational/clarity issue rather than a security mismatch.
Instruction Scope
Runtime instructions are high-level and stay within HR assessment scope; they do not instruct the agent to read local files, environment variables, or contact unexpected endpoints. However, they are vague about what 'department-specific engines', 'cross-validate with synergy departments', and 'minimum 2 independent sources' mean in practice — this gives the agent broad discretion to fetch external data or request sensitive employee information unless constrained by policy.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk and no third-party packages are pulled in — low install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no unexpected secrets requested, so requested privileges are proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or system-level changes. Autonomous invocation is allowed by platform default but is not combined with broad privileges here.
Assessment
This skill appears to do what it says, but before installing:
1) Do not feed real employee PII or confidential personnel records until you confirm where and how the skill will fetch external sources and how outputs are stored/retained.
2) Ask the skill author or owner how 'cross-validation' is implemented and which external data sources or APIs will be contacted; require explicit allowlists.
3) Clarify the billing/pricing mechanism—SKILL.md lists per-execution pricing but provides no payment integration or callouts; confirm whether usage could trigger external charges.
4) Test with synthetic or anonymized data first and require source citations for recommendations.
5) If you need compliance (GDPR, CCPA, HR policies), get a written data handling description before use.
Like a lobster shell, security has layers — review code before you run it.
latestvk972nhz57mr9vbjh1wbp21ekjx842kqr
Runtime requirements
👥 Clawdis
OS: macOS · Linux · Windows
