Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Recruiter Assistant (Shenzhen)

A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 313 · 2 current installs · 2 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Overall purpose (resume screening, question generation, interview summarization, Shenzhen salary benchmarking) matches the included scripts and reference data. However the metadata declares no required binaries while the scripts call an external tool (pdftotext) — an inconsistency between declared requirements and actual behavior.
Instruction Scope
Runtime instructions and scripts print full resume contents to stdout for the agent to evaluate (potentially exposing sensitive PII). Multiple scripts build shell commands by concatenating unescaped filenames into execSync calls (pdftotext and node invocations), creating command-injection risk if file names or inputs are attacker-controlled. SKILL.md expects sending summaries to HR via a 'message' tool, but code does not implement that; process_incoming.js accepts a docToken parameter that is never used—this suggests incomplete integration and unclear handling of credentials/tokens.
Install Mechanism
No install spec (instruction-only) — low install risk. But the scripts rely on an external binary 'pdftotext' which is not declared under required binaries; the lack of declared dependency is an incoherence the integrator must fix.
Credentials
No environment variables or credentials are declared, which aligns with instruction-only operation. However process_incoming.js accepts a docToken argument (unused) and SKILL.md expects use of a 'message' tool for HR notification—these imply external integration/credentials that are not declared or explained.
Persistence & Privilege
The skill is not always-enabled and requests no persistent privileges or system-wide configuration changes. It does read/write temporary files (e.g., /tmp/*.txt) and writes per-candidate output documents, which is expected for its purpose.
What to consider before installing
This skill mostly does what its description says, but don’t install it blindly. Before using:

  1. Confirm and declare required binaries (pdftotext) in metadata and ensure they come from trusted packages.
  2. Treat all candidate files as sensitive PII — run in a sandbox and limit where output can go.
  3. Fix or audit shell calls: the scripts concatenate user-controlled filenames into execSync; sanitize or use spawn with argument arrays to avoid command injection.
  4. Clarify external integrations: the README asks agents to send messages to HR and process_incoming accepts a docToken, but no credentials or message-call code are provided—decide how messaging/auth is handled and add required env vars.
  5. Test with synthetic resumes first.

If you are not able to validate or fix the above, consider this skill suspicious and avoid running it on real candidate data.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

Recruiter Assistant 🦞

This skill implements a high-bar recruitment workflow for technical hiring, specifically optimized for the Shenzhen market.

Workflows

1. Rigorous Resume Screening

Evaluate a candidate with a critical lens.

  • Single: node scripts/screen_resume.js <path_to_resume> --lang <language> --yoe <years_of_experience>
  • Batch: node scripts/batch_screen.js <folder_path> --threshold <score> --lang <language> --yoe <years_of_experience>
  • Output Requirements:
    1. Strict Scoring: Adheres to the 0-100 rubric in references/hiring-criteria.md. High standards for "Senior" roles (must show architectural impact and expert AI usage).
    2. Detailed Analysis: Explicitly lists at least 3-4 hard technical strengths and significant weaknesses/gaps.
    3. Separate Reporting: Each candidate evaluation must be saved/written to its own document.
    4. Salary Benchmark: Compares the candidate's expected salary against Shenzhen market rates (Boss Zhipin 2026).
    5. HR Notification: High-scoring candidates (>= threshold) should be summarized and sent to HR via the message tool.

2. AI Proficiency Evaluation

Mandatory check for AI tool usage (Cursor, Copilot, LLM APIs). Lack of AI usage is considered a significant productivity gap.

3. Interview Preparation & Summary

  • Questions: node scripts/generate_questions.js <input_json> (Focuses on the identified "Cons").
  • Summarization: node scripts/summarize_interview.js <notes_file> (Uses the template in assets/report-template.md).

Market Benchmark (Shenzhen 2026)

Refer to references/hiring-criteria.md for the latest salary data and scoring rubrics.

Core Principles

  • Critical Lens: Do not give high scores easily. High seniority requires evidence of architectural impact.
  • Data-Driven: Benchmarks must align with the current Shenzhen tech market.
  • AI-Forward: Efficiency through AI is a core requirement for a modern senior engineer.
