Skill v1.0.0

ClawScan security

Boss直聘 automation (no GUI) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 4:24 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and dependencies are coherent with its stated purpose (GUI automation + local OCR + auto-messaging); there are no unexplained credential requests or external downloads, but it will autonomously control the desktop and send messages so exercise caution when running it.
Guidance
This skill appears to do what it says: local GUI automation + OCR + automated messaging. Before running it:
1) Review and run the OCR code under skills/ocr-local (tesseract.js) to ensure no hidden network calls.
2) Test in a safe environment (VM or separate account/window) to confirm coordinates and that automated sends behave as expected; pyautogui will move the mouse and press keys.
3) Consider adding a manual confirmation step before send_chat_message, or run only CLI commands that don't auto-send.
4) Ensure use complies with Boss直聘 terms of service and local laws — automated messaging can violate platform rules.
5) Keep backups of any important windows/apps while testing, and verify that npm/pip installs come from the expected registries.

Review Dimensions

Purpose & Capability
ok: The name/description (Boss直聘 automation) matches the included code and SKILL.md. Requested dependencies (pyautogui, pyperclip, Pillow, and a local tesseract.js OCR) are appropriate for screenshotting, OCR, clipboard pasting and GUI automation. There are no unrelated credentials, binaries, or surprising network hosts referenced.
Instruction Scope
note: SKILL.md and the code explicitly instruct reading config.json, taking screenshots, running a local Node OCR script (via subprocess.run), matching keywords, and automating clicks/keyboard input to send messages. The scope is consistent with the purpose, but the runtime behavior includes fully automated clicking/pasting/pressing Enter (i.e., sending messages) without interactive confirmation in run_loop/process_job. This is expected but worth noting, as it can perform actions on the user's desktop.
Install Mechanism
ok: No install spec in the registry package. SKILL.md asks users to run pip/npm locally (pip install from requirements, npm install in skills/ocr-local). There are no downloads from untrusted URLs or archive extraction steps in the skill bundle. Installation risk is standard for local Python/Node packages.
Credentials
ok: No environment variables, credentials, or external API keys are requested. Configuration is file-based (config.json). The skill does not attempt to read system secrets or other skills' configs. The scope of access (files under the skill directory, screenshots, clipboard) is proportional to its function.
Persistence & Privilege
note: always:false (no forced presence). The skill can be invoked autonomously (platform default). Combined with pyautogui it can control the mouse/keyboard and send messages automatically — a high-impact capability on the local machine. This is coherent with the skill's goal but increases the potential for unintended or undesired actions if it is misconfigured or run accidentally.