ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Interview

v1.0.2

Run AI-powered mock interviews using Fuku.ai's free public service.

0· 377·0 current·0 all-time
byDong@zhangdong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actual behavior: run.js scans a user-specified folder for resumes, uploads them to the documented Fuku.ai endpoints, and triggers the interview job. Required capabilities (network access, ability to read workspace files) are appropriate for the task and no unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions and the script stay within the stated scope (collect inputs, read resumes from the given folder, upload to Fuku.ai, create job, store minimal audit record). Important privacy-related behavior is present and declared: resumes (potential PII) are uploaded to a third-party service. The SKILL.md explicitly warns about this; users should confirm they have permission to upload those resumes.
Install Mechanism
There is no automated installer; the SKILL.md instructs the user to run `npm install` which pulls well-known packages (axios, form-data) from npm. No downloads from arbitrary URLs or archive extraction occur. This is proportionate to the script's needs.
Credentials
The skill requests no environment variables or credentials; it uses a small set of hardcoded, shared anonymous identifiers and endpoints as documented in SKILL.md. Those hardcoded headers/uid align with the described public/anonymous usage model.
Persistence & Privilege
The skill does not request elevated or global privileges and is not always-on. It writes minimal audit JSON files into its own `jobs` directory under the skill, which matches the declared behavior. It does not modify other skills or system-wide config.
Assessment
This skill appears to do exactly what it says: it will upload resume files from a folder you specify to Fuku.ai's public anonymous API and create an interview job. The main risk is privacy: resumes often contain sensitive PII—do not upload real candidate data unless you have consent and have reviewed Fuku.ai's privacy policy. Test with dummy resumes and a throwaway email first. Also verify file size limits and that the returned file object/URL does not leak more information than you expect. If you require on-prem or private processing, this skill is not suitable as-is.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e6htb19sbg4stb3b5q1wfjd82100k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments