Resume Email Sender
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Gmail job-application helper that asks before sending, but users should verify Gmail access, recipients, wording, and local handling of resume content.
This skill appears safe to use for its stated purpose if you trust the `gog` Gmail tool. Before sending, confirm the exact recipient, message content, and whether the resume is truly attached or only included inline; also remove temporary files or logs if they contain sensitive personal information.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can send job-application emails to external recipients on the user's behalf.
The skill can send real emails from the user's Gmail account, but it explicitly requires a preview and confirmation before sending.
Always show a preview before sending ... Send this email? (yes/no) ... gog gmail send
Review the recipient, subject, body, and resume inclusion carefully before approving each send.
The connected Gmail account may be used to send or create job-application messages.
The skill requires Gmail authentication through an external tool, which is expected for sending email but grants account-level sending capability.
The `gog` skill must be installed and Gmail authenticated: gog auth add you@gmail.com --services gmail
Authenticate only the intended Gmail account, review granted scopes, and revoke access if you stop using the tool.
The safety of email sending depends partly on the separately installed `gog` tool.
The skill delegates its main action to an external CLI that is not included in the reviewed artifact set.
If `gog` not found: guide user to install with `brew install steipete/tap/gogcli`
Install `gog` only from a trusted source and keep it updated.
Resume content, contact details, and application history may remain on the local machine after sending.
The workflow may store personal resume/application content in a temporary file and optionally in a persistent local log.
cat > /tmp/job_application_email.txt ... Ask the user if they want to save this to their job search log file (`~/job-search-log.md`).
Delete temporary files if they contain sensitive details and save the job-search log only if you want a local record.
A recruiter may receive an email that says a resume is attached when no file is actually attached.
The suggested wording can imply a file attachment even when the workflow only includes the resume inline.
Mention "I have attached my resume" even if sending inline (no actual file attachment via gog — paste resume as plain text at bottom or in separate follow-up)
Change the wording to say the resume is included below unless an actual file is attached by another method.