Recruitment Agent
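Recruitment Agent: manages the recruitment process via opencli (Boss Zhipin) + lark-cli (Feishu Bitable). Supports: (1) viewing recent/unread Boss Zhipin messages; (2) saving candidates to the talent pool (search and compare first, then create/update); (3) adding talent decision records (add to pool / schedule interview / follow up / send offer / archive); (4) updating a talent-pool candidate's...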
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 11 · 0 current installs · 0 all-time installs
by Bill Zhuang @billzhuang6569
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (manage recruitment via opencli + lark-cli) matches the written runtime instructions, but the skill metadata lists no required binaries, env vars, or config paths while SKILL.md explicitly expects opencli, lark-cli, a Base Token, two table_ids, and the user's open_id/name. The absence of these declarations in the registry is an incoherence: a legitimate integration should declare required binaries and credentials.
Instruction Scope
The SKILL.md instructs the agent to read Boss chat lists and messages (potentially sensitive personal data), extract contact info (phone/WeChat), create/update records in Feishu tables, send messages to users/candidates, create calendar events and retrieve meeting links, and create recurring 'heartbeat' jobs that periodically poll chat messages. These behaviors are consistent with recruitment functionality but involve ongoing access to private chat content and PII and permit automated outgoing messages. The instructions also refer to CronCreate/CronList/CronDelete and expect the agent/operator to create persistent scheduled tasks — this introduces ongoing background access that users should explicitly consent to and understand.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing new would be written to disk by the skill bundle itself. That lowers installer-side risk. However, the runtime depends on external CLIs (opencli, lark-cli) and a CronCreate scheduling facility which the skill does not declare in metadata.
Credentials
The SKILL.md requires sensitive credentials and identifiers (Base Token for Feishu tables, two table IDs, the user's open_id/name) and implies use of bot identity to send messages. Yet the skill registry declares no required env vars or primary credential. This mismatch is disproportionate: the skill expects secrets and access it does not advertise, making it unclear what will be requested, stored, or used at runtime.
Persistence & Privilege
The skill instructs operators to create recurring heartbeat Cron jobs that will periodically poll candidate chat messages and trigger follow-up actions. The skill itself is not marked always:true, but the recommended cron tasks create external persistent behavior (periodic autonomous checks and potential outbound messages). This is a legitimate recruitment feature but materially increases the blast radius (ongoing access to chats and ability to message) and should be explicitly approved by operators.
What to consider before installing
Do not install or grant credentials yet. Questions and steps before using:
(1) Ask the publisher to update the skill metadata to list required binaries (opencli, lark-cli), required environment variables/credentials (Base Token, talent table_id, decision table_id, user open_id/name) and explain where those secrets are stored and who can access them.
(2) Confirm how CronCreate jobs are managed: which system/account runs them, how to review/stop them, and whether they run with least privilege.
(3) Verify the CLIs' permissions (can lark-cli act as a bot and create events/send messages?) and supply only least-privilege tokens.
(4) Be aware this skill reads private chat messages and extracts PII (phone/WeChat) and will store/send that data — ensure this is acceptable under your privacy/compliance rules.
(5) If you proceed, test in a sandbox account (not production) and retain the ability to revoke tokens and delete scheduled jobs.
If the publisher cannot or will not provide clear metadata and an install/run security model, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
Current version v1.3.0
SKILL.md
Recruitment Agent
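Important rules
- opencli boss commands must be executed serially, never in parallel: running several at once causes cookie conflicts and failures
- Always use uid as the unique identifier when locating a candidate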
Constants
⚠️ After installation, replace the following placeholders with actual values.
| Name | Value |
|---|---|
| Base Token | <YOUR_BASE_TOKEN> |
| Talent pool V3 table_id | <YOUR_TALENT_TABLE_ID> |
| Decision record table_id | <YOUR_DECISION_TABLE_ID> |
| User name | <YOUR_NAME> |
| User open_id | <YOUR_OPEN_ID> |
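Workflow index
Main workflows
| Workflow | Trigger phrases | Reference |
|---|---|---|
| 1. View Boss messages | check Boss messages, unread messages, recent conversations | see inline instructions below |
| 2. Save to talent pool | save XXX to the talent pool, I'm interested in XXX | workflow-2-save-candidate.md |
| 3. Talent decision record | make a decision on XXX, schedule an interview, send an offer, archive XXX | workflow-3-decision-record.md |
| 4. Update talent information | update XXX's information, add a note to XXX, modify XXX's fields | workflow-4-update-candidate.md |
| Schedule interview (combined) | help me schedule an interview with XXX, set up a time with XXX | workflow-schedule-interview.md |
Auxiliary tools
| Tool | Purpose | Reference |
|---|---|---|
| Check calendar | Check available time slots; called during the interview-scheduling flow | util-check-calendar.md |
| Send Feishu message | Confirm information with the user; called during the interview-scheduling flow | util-send-feishu-message.md |
| Heartbeat task | Periodically check for candidate replies in the background | heartbeat_task.md |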
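Workflow 1: View Boss messages (inline)
```bash
# View the chat list (recent contacts)
opencli boss chatlist
# View the chat history with a specific person (get the uid from chatlist first)
opencli boss chatmsg <uid>
```
Output fields: name / job / last_msg / last_time / uid / security_id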
