ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skill-hr

v1.0.0

Use when the user starts a new multi-step task, asks to pick/install/manage skills, tune skill performance, or fire/remove a skill after failure. Acts as HR...

0· 26·0 current·0 all-time
byluzhoucheng@thinkitpossible
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (Skill HR for intake, matching, recruitment, handoffs, and registry/incidents) align with the provided references, prompts, and schema files. The repository contains docs, prompts, schemas, and helper scripts that are reasonable for an HR-like orchestration skill.
Instruction Scope
SKILL.md explicitly instructs reading installed skills' SKILL.md frontmatter/body and writing a project-local `.skill-hr/registry.json` and incident files. That file-IO and enumerating skill directories (workspace and user skill roots such as ~/.openclaw/skills or ~/.claude/skills) is expected for this function, but it does mean the skill will read many local skill files (including under user home). SKILL.md also references optional actions that can run scripts (validation/benchmark) which may invoke networked LLM APIs — those are optional but should be reviewed before execution.
Install Mechanism
No install spec is provided (instruction-only skill). The package includes scripts but does not declare any automatic external downloads or extraction. This is lower-risk than a skill that auto-downloads or extracts remote archives.
Credentials
The skill declares no required environment variables or credentials. However, helper scripts (e.g., run_matching_benchmark_llm.py) are documented to use an 'OpenAI-compatible API' if you run them; that implies optional use of an API key (not declared). Before running these scripts, confirm which env vars (API keys) they expect and avoid providing secrets unless you trust the code. Reading SKILL.md files under user skill roots is justified by the purpose but be aware it may surface metadata from many local locations.
Persistence & Privilege
always:false and normal autonomous invocation are used. The skill intends to create and update a workspace-scoped `.skill-hr/` directory for registry and incidents, which is appropriate for its role. SKILL.md explicitly forbids silent physical uninstall and requires explicit user confirmation for destructive actions.
Scan Findings in Context
[contains-run_matching_benchmark_llm] expected: The package includes scripts/run_matching_benchmark_llm.py which the docs state can drive P02 via an OpenAI-compatible API. That is expected for an evaluation/benchmarking helper, but it may require an API key and perform network calls if executed. Inspect the script before running and do not supply credentials unless you trust it.
[contains-validate_registry_script] expected: scripts/validate_registry.py is included and referenced by the evaluation plan (L0/L5). Running local validators is expected and safe in principle, but you should review the code for any unexpected network activity before executing.
What to consider before installing
This bundle appears to do what it says: orchestrate JD intake, match installed skills, recruit, hand off, and maintain a project-local registry and incidents directory. Still, take these precautions before installing or running anything: - Inspect the included Python scripts (scripts/run_matching_benchmark_llm.py and scripts/validate_registry.py) for any remote network calls, hidden endpoints, or commands that would send data out. Do not run them until you've reviewed them. - The benchmark script can call an 'OpenAI-compatible' API; only provide API keys if you trust the code and understand what data will be sent. Prefer running static validators (validate_registry.py) in read-only mode first. - The skill will enumerate skill directories (workspace roots and user-level skill folders like ~/.openclaw/skills or ~/.claude/skills) and read SKILL.md files. That is expected, but be aware it will access multiple local files; if there are private or sensitive files mixed into those locations, review what will be read. - The SKILL.md includes good safety guidance (vetoes against blind `curl | sh`, explicit user consent before installs, no silent deletes). Keep those gates in place: require explicit user confirmation before cloning or executing third-party installers. If you want, I can: (a) summarize the contents of any specific script for you, (b) scan the scripts for outgoing network calls and obvious exfil patterns, or (c) suggest a minimal, read-only checklist to run the package safely.

Like a lobster shell, security has layers — review code before you run it.

latestvk971w1esjwepmmttvv5xyzw64n847x54

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments