Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Liepin Job-Search Assistant

v1.0.11

Liepin job-search assistant that wraps the Liepin MCP service. Used to search jobs, view job descriptions (JDs), submit resumes, and manage resumes. **Trigger scenarios**: (1) the user mentions "猎聘", "liepin", "liepin求职", "猎聘求职", "猎聘助手", "liepin助手", "找工作", "搜职位", "投简历" or "查看简历" (2) the user provides a Liepin token...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name and description (Liepin assistant) align with the included code and the API endpoint (open-agent.liepin.com/mcp/user). However, the registry metadata declares no required environment variables or config paths, while the SKILL.md and scripts clearly require a LIEPIN_TOKEN and optionally read or write a config.json. That metadata omission is inconsistent and reduces transparency.
Instruction Scope
SKILL.md instructs the agent/user only to supply a LIEPIN_TOKEN and to run the provided scripts for searching, applying, and resume management. The runtime instructions and scripts operate only against the documented MCP endpoint and do not reference unrelated system files or external endpoints. They do, however, instruct the user to write the token to config.json under a skill directory if the environment variable is not set, and the scripts implement that write; this persists a secret on disk and is explicitly called out in the docs.
Install Mechanism
No install spec; the skill is instruction-plus-scripts only. There is no download/install step or external package installation, which minimizes additional supply-chain risk.
Credentials
Although only a single service token (LIEPIN_TOKEN) is required for the skill's purpose, the registry metadata did not declare it. The scripts expect LIEPIN_TOKEN (or persist the token in config.json). Persisting the token to disk is optional but documented; this is reasonable for functionality but has privacy implications and should have been declared explicitly in the metadata.
Persistence & Privilege
The skill does not request elevated system privileges nor set always:true. It will create/read/delete a config.json in a skill directory (resolved via LIEPIN_SKILL_DIR or several paths under the user's home). Writing config.json is normal for storing a token but it does give the skill persistent access to the token on disk; the SKILL.md recommends the environment variable as safer.
What to consider before installing
This skill appears to do what it says: it calls the Liepin MCP API and needs your Liepin token. However, the registry metadata omitted that required credential, and the scripts will optionally persist the token to a config.json under a skill directory (e.g., ~/.openclaw/...). Before installing or using it: (1) prefer setting LIEPIN_TOKEN as an environment variable so the token doesn't get written to disk; (2) inspect or run the included scripts yourself to confirm the config.json path, and remove the file when done (set-token.js --clear deletes it); (3) confirm that the MCP endpoint (open-agent.liepin.com) is the one you expect; (4) if you need stronger assurance, ask the publisher to update the metadata to declare LIEPIN_TOKEN and the config path, or run the scripts in an isolated environment. The primary issue is the metadata/information omission and the token persistence behavior, not hidden network calls or unknown endpoints.

