Resume Optimizer

ReviewAudited by ClawScan on May 10, 2026.

Overview

This is a coherent resume/PDF helper, but it should be reviewed because its PDF script can automatically install external software into the Python environment.

Use this in a sandbox or virtual environment unless ReportLab is already installed from a trusted source. Avoid including unnecessary sensitive personal data in resumes, and check generated files in `/mnt/user-data/outputs/` before sharing them.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI05: Unexpected Code Execution

What this means

Using the PDF feature could change the local Python environment and run newly downloaded package code without a separate install step or explicit user approval.

Why it was flagged

If ReportLab is missing, normal PDF generation can automatically run pip to install an unpinned external package, including a flag that bypasses system-package protections.

Skill content

except ImportError:
    print("Installing reportlab...")
    import subprocess
    subprocess.check_call(['pip', 'install', 'reportlab', '--break-system-packages', '-q'])

Recommendation

Move ReportLab into a declared, pinned install requirement, remove `--break-system-packages`, and require user approval or a virtual environment before installing dependencies.