ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

my skill

v1.0.1

AI面试模拟与辅导。基于用户简历和JD生成定制化面试题库,逐题模拟面试并提供评分与示范回答。 触发词:面试模拟、面试准备、简历面试、interview prep、面试练习、 面试辅导、帮我准备面试、出面试题、面试题生成、interview practice、 mock interview、面试官模拟。

0· 50·0 current·0 all-time
by@yangmanqi2104201431-ship-it

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yangmanqi2104201431-ship-it/interview-prepare.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "my skill" (yangmanqi2104201431-ship-it/interview-prepare) from ClawHub.
Skill page: https://clawhub.ai/yangmanqi2104201431-ship-it/interview-prepare
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install interview-prepare

ClawHub CLI

Package manager switcher

npx clawhub@latest install interview-prepare
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (AI 面试模拟) align with the runtime instructions: parsing resumes/JD, generating question banks, and running mock interviews. However, the instructions explicitly call out tools (pdf tool, exec with python-docx/pandoc, autoglm-image-recognition, autoglm-websearch, web_fetch) while the skill declares no required binaries, installs, or credentials. That mismatch between what the skill says it will use and what it declares is an incoherence (missing declared dependencies).
Instruction Scope
SKILL.md instructs the agent to read user-provided files (PDF, DOCX, images, URLs, plain text), convert docs via exec (python-docx/pandoc), run image-recognition, and perform web searches to collect real-world interview experiences. These actions are reasonable for resume/JD-driven interview prep, but the spec does not limit or describe how user content is handled when sent to external skills/services. The instruction 'MANDATORY — use autoglm-websearch and web_fetch' means user data (job title, company, possibly resume excerpts) may be sent to external search services; that's a privacy/data-exposure consideration that is not documented in the skill.
Install Mechanism
There is no install spec and no code files (lowest disk-write risk). Nevertheless, the SKILL.md expects utilities (python-docx, pandoc) and calls via exec. The skill should declare these dependencies or provide alternatives; absence is a coherence issue but not necessarily malicious.
Credentials
The skill requests no environment variables, credentials, or config paths. Given its purpose, that is proportionate — it does not ask for unrelated secrets. The main consideration is privacy of resume/JD content sent to external websearch/image-recognition services invoked by the instructions.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges. Nothing in the SKILL.md instructs modification of other skill configs or system-wide settings.
What to consider before installing
This skill appears to do what it claims (generate and run interview simulations), but it references external tools and other skills that are not declared in the package. Before installing or running: 1) Confirm the agent environment provides the referenced tools (python-docx, pandoc, pdf tool) or update the skill to declare them. 2) Ask how resume/JD content is handled when calling external services (autoglm-websearch, autoglm-image-recognition, web_fetch) — these calls may transmit personal data; avoid sending highly sensitive PII unless you trust those endpoints. 3) If you prefer local-only processing, request a version that does not call external websearch/image-recognition skills. 4) If uncertain, run the skill in a restricted/test environment and inspect logs to verify what data is transmitted. These issues explain the 'suspicious' rating (coherence gaps and potential privacy exposure); they could be benign omissions but merit review before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk976whfw57kj744x4jax8sat6585m7jx
50downloads
0stars
2versions
Updated 1d ago
v1.0.1
MIT-0
@yangmanqi2104201431-ship-it
latest
Download

Interview Prep — AI 面试模拟与辅导

核心原则(面试出题的专家思维)

面试场景决策树

用户类型?
├─ 校招/应届生 → 侧重:学习能力、基础扎实度、实习经历深挖、潜力信号
│                 题型配比:基础概念(40%) + 项目深挖(30%) + 行为题(20%) + 开放题(10%)
├─ 社招(3-8年) → 侧重:实战方法论、技术选型判断、跨团队协作、量化成果
│                 题型配比:项目深挖(35%) + 技术深度(25%) + 行为题(20%) + 情景题(15%) + 压力题(5%)
├─ 资深/管理岗 → 侧重:战略思维、团队建设、优先级判断、向上管理、失败复盘
│                 题型配比:战略判断(30%) + 管理场景(25%) + 深度项目复盘(25%) + 行为题(20%)
└─ 不明确 → 询问用户:目标岗位、工作年限、面试轮次(一面/二面/HR面)

追问深度控制

  • 每道核心题最多追问3层,在第3层触底后切换到下一题
  • 用户回答质量高(有细节、有数据、有反思)→ 可以跳过第1层直接进第2层
  • 用户回答空泛("我们团队一起做的""就是按流程来的")→ 停在第1层追问细节,不升级

NEVER List(面试出题的反模式)

  • NEVER 给空洞的鼓励式点评("很棒!继续保持")——每条反馈必须指向具体可改进的点
  • NEVER 忽略追问就急着出下一题——一道好题的价值在追问中体现
  • NEVER 评分时只看"答案正确性"——面试考察表达力、结构化思维、抗压能力,不仅是对错

每道题回答完后,指出最该改进的一个点

单题快答模式

用户没有简历/JD,也没有要走完整流程,而是直接丢过来一道面试题时(例如"面试官问'你最大的缺点是什么'怎么回答"),跳过所有 Phase,直接给出满分示范回答。

回答要求

  • 以优秀面试者的第一人称视角写回答,不是以导师口吻讲道理
  • 使用 STAR 结构(情境→任务→行动→结果),语言自然口语化
  • 如果用户提到了具体岗位/行业,结合该岗位特性定制;否则给出通用但可改编的回答
  • 回答末尾附加一两句"这道题面试官真正在考察什么"的简短分析
  • 如果用户提供了自己的答案,先点评再给示范,格式同 Phase 3

工作流程

单题快答(用户直接问一道题)→ 直接示范回答
完整流程(用户有简历/JD)→ Phase 1 → Phase 2 → Phase 3 → Phase 4

Phase 1: 输入解析

  1. 确认目标岗位(如用户未提供):
    • 主动询问用户目标岗位名称(如"Java后端开发"、"产品经理"、"数据分析师"等)
    • 询问工作年限和面试类型(校招/社招/内推)
    • 如果用户提供了JD,从中提取岗位信息
  2. 根据文件类型解析:
    • PDF → pdf 工具
    • DOCX → exec 用 python-docx/pandoc 转文本
    • 图片 → autoglm-image-recognition
    • URL → web_fetch
    • 纯文本 → 直接使用
  3. 提取结构化摘要(内存中):技能栈、项目经历、工作经历、年限、教育背景、量化成果 / 岗位职责、技能要求、团队信息
  4. 展示摘要,用户确认后进入 Phase 2

Phase 2: 生成题库

MANDATORY 步骤 A — 面经搜索:进入此阶段前,使用 autoglm-websearch 技能搜索真实面经:

  • 搜索关键词:"{目标岗位}" 面试经验 面经 2024 2025(结合技能关键词)
  • 如果用户提供了目标公司,先加上公司名搜索,再去掉公司名搜索
  • 搜索 2-3 轮,尽量覆盖:高频考点、真题风格、面试官侧重点、候选人踩坑点
  • 将搜索到的面经要点整理为参考素材(内存中),用于出题

MANDATORY 步骤 B — 加载出题指令:读取 [references/generate-prompt.md] 完整内容。Do NOT Load 其他 references 文件。

出题时:结合面经素材 + 用户简历 + JD要求,让题目更贴近真实面试风格。如果有高频考点在面经中反复出现,优先覆盖。 生成后一次性展示完整题库列表(题号、分类、考察点、难度),让用户了解全貌。

Phase 3: 逐题模拟

每道题:出题 → 用户回答 → 点评(具体改进点 + 示范回答)→ 下一题

"不会"处理:用户表示不会/不懂时,立即切换为"完美面试者"视角,给出结合其简历背景的满分示范(STAR结构),温和引导继续。

随时支持:跳过、重答、换类似题、暂停/恢复、查看进度。

Phase 4: 复盘报告

所有题目完成后,输出:

  • 总体评分 + 各维度雷达
  • 最强项/薄弱项(各举1-2个具体例子)
  • 每题得分一览
  • 具体可执行的提升建议(不是泛泛的"加强练习")

Comments

Loading comments...