Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Resume Optimizer

v1.0.1

Professional resume builder with PDF export, ATS optimization, and analysis capabilities. Use when users need to (1) Create new resumes from scratch, (2) Customize/tailor existing resumes for specific roles, (3) Analyze resumes and provide improvement recommendations, (4) Convert resumes to ATS-friendly PDF format. Supports chronological, functional, and combination resume formats.

by TomsTools (@tomstools11)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name, description, SKILL.md, reference docs, templates, analysis checklist, and the PDF generator script all align with building, tailoring, analyzing, and exporting ATS-friendly resumes. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
Runtime instructions are narrowly scoped to collecting user resume data, consulting the included references, modifying/analysing content, and generating PDFs. The SKILL.md instructs saving outputs to /mnt/user-data/outputs/ and producing a computer:// download link — these are consistent with delivering files to the user.
Install Mechanism
There is no external install spec, but the included scripts/generate_resume_pdf.py attempts to pip-install reportlab at runtime using subprocess.check_call and the flag --break-system-packages. Installing from PyPI is reasonable for a PDF generator, but an in-script pip install changes the environment and the --break-system-packages flag is unusual and worth reviewing. No arbitrary external URLs or archives are fetched.
Credentials
The skill requests no environment variables, credentials, or config paths. The files and instructions do not reference secrets or unrelated system configuration. Saving output to /mnt/user-data/outputs/ is proportionate to the skill's purpose.
Persistence & Privilege
Skill does not request persistent/always inclusion and does not modify other skills or system-wide settings in the provided materials. It runs only when invoked; autonomous invocation is allowed by default but not a special privilege here.
Assessment
This skill appears coherent for resume creation and PDF export. Before installing or running it: (1) Inspect the full scripts/generate_resume_pdf.py file (the provided content was truncated) to ensure there are no hidden network calls, credential reads, or arbitrary execs at the end of the file; (2) be aware the script will attempt to pip-install reportlab at runtime (it uses subprocess and --break-system-packages) — run it in an isolated virtualenv/container if you want to avoid system changes; (3) confirm that writing files to /mnt/user-data/outputs/ and creating a computer:// download link matches your platform's expected behavior; (4) if you need higher assurance, run the script on a throwaway environment and inspect network activity and installed packages during first run.

Like a lobster shell, security has layers — review code before you run it.
