Interview Prep
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may run a local curl command and send the selected job ID or JD content to the local interview-prep service.
The skill instructs the agent to use an exec/curl command to call a local API. The endpoint and payload are narrow and purpose-aligned, but this is still tool-mediated API use that users should notice.
`curl -sS -X POST "http://127.0.0.1:8010/api/interview/prep" -H "Content-Type: application/json" -d '{"job_id":"<job_id>","use_company_intel":true,"question_count":8}'`Use the skill only when you intend to share that interview-prep input with the local service, and review the command or input if the agent asks to run it.
If a different local service is listening on that port, the agent could send job-prep input to the wrong local process.
The skill relies on a local API service that is not part of the instruction-only artifact. This is not suspicious by itself, but users should ensure the local service is expected and trusted.
`POST http://127.0.0.1:8010/api/interview/prep`
Confirm that 127.0.0.1:8010 is the intended trusted interview-prep service before using the skill.
Job-search details or custom JD text may be shared with the local interview-prep API.
The payload may contain company, role, and JD text, and the documented local API call does not show an authentication or identity boundary. This is aligned with the purpose but is still a sensitive-data flow to a local service.
`{"company":"MiniAgent","role_title":"AI Agent Intern","jd_text":"...","use_company_intel":true,"question_count":8}`Avoid sending confidential job materials unless you trust the local service and understand how it handles the submitted data.