Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CyberInterviewer

v1.0.0

Review a candidate's local PDF resume and GitHub repositories, inspect Python and C++ code paths for strengths and weaknesses, search recent interview experi...

by ZZIPP (@llljjjwww333)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match the declared inputs and behavior: reading a local PDF resume, inspecting local or public GitHub repositories, and searching public interview writeups. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md explicitly instructs the agent to read local resume PDFs and local repository paths (expected for this functionality) and to discover public GitHub repos and web-based interview writeups 'if the host permits browsing or command execution.' That implies the skill may perform network requests or repository discovery if the environment allows; users should confirm whether their host will enable browsing/command access before assuming full functionality.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk or downloaded during install. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables, credentials, or config paths. That aligns with its scope: public GitHub and web research do not require secrets, and access to private repos is expected to be provided via local paths by the user rather than by requesting tokens.
Persistence & Privilege
always is false; the agent can invoke the skill autonomously (normal platform default) and the included agent metadata disallows implicit invocation. The skill does not request persistent system changes or modify other skills' configs.
Assessment
This skill appears coherent and minimal: it will read any resume PDF or local repositories you give it and may query public GitHub and the web for interview writeups if the host permits browsing. Before installing or using it, consider: (1) do you consent to the agent reading the specific local files you provide (resumes may contain personal contact info)? (2) If you want private GitHub repos reviewed, be prepared to supply local repo paths or credentials separately — the skill does not request tokens itself. (3) Check whether your host environment allows outbound web access or command execution, since full repo discovery and up-to-date interview research depend on that. (4) If you have sensitive information in any files, remove or redact it before sharing. If you want more assurance, request a version that logs explicitly what files it reads and where it sends network requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c34zpprwcx8t32ehh0zbtts84r0y8
