Interview Prep
PassAudited by ClawScan on May 1, 2026.
Overview
The skill’s behavior matches its interview-prep purpose, with the main caution that it posts job or JD details to a local API using curl.
This looks safe to use for its stated purpose if you trust the local interview-prep service at 127.0.0.1:8010. Be aware that job IDs, company names, role titles, and JD text may be sent to that local service, and verify the endpoint before sharing confidential job-search material.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may run a local curl command and send the selected job ID or JD content to the local interview-prep service.
The skill instructs the agent to use an exec/curl command to call a local API. The endpoint and payload are narrow and purpose-aligned, but this is still tool-mediated API use that users should notice.
`curl -sS -X POST "http://127.0.0.1:8010/api/interview/prep" -H "Content-Type: application/json" -d '{"job_id":"<job_id>","use_company_intel":true,"question_count":8}'`Use the skill only when you intend to share that interview-prep input with the local service, and review the command or input if the agent asks to run it.
If a different local service is listening on that port, the agent could send job-prep input to the wrong local process.
The skill relies on a local API service that is not part of the instruction-only artifact. This is not suspicious by itself, but users should ensure the local service is expected and trusted.
`POST http://127.0.0.1:8010/api/interview/prep`
Confirm that 127.0.0.1:8010 is the intended trusted interview-prep service before using the skill.
Job-search details or custom JD text may be shared with the local interview-prep API.
The payload may contain company, role, and JD text, and the documented local API call does not show an authentication or identity boundary. This is aligned with the purpose but is still a sensitive-data flow to a local service.
`{"company":"MiniAgent","role_title":"AI Agent Intern","jd_text":"...","use_company_intel":true,"question_count":8}`Avoid sending confidential job materials unless you trust the local service and understand how it handles the submitted data.