v1.0.0

Head Hunter

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:29 AM.

Analysis

This is a coherent instruction-only recruitment matching skill, with only minor notes about unpinned setup guidance, missing referenced code, and the need for human review of hiring recommendations.

Guidance: This skill appears benign as an instruction-only recruitment assistant. Before installing or using related code, verify any external repository files and pin dependencies if needed. When using it for hiring, avoid unnecessary personal data, get appropriate permission to process candidate information, and keep final decisions under qualified human review.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
"install":["pip install email-validator"]

The skill documents installing an unpinned Python package. This is common and purpose-aligned for validating candidate contact emails, but users should be aware it relies on package-index provenance and version selection.

User impact: Installing the dependency may pull the latest package version available at install time, which can affect reproducibility or supply-chain assurance.
Recommendation: Install dependencies from a trusted Python environment and consider pinning a known-good version for production or regulated recruiting workflows.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
README.md
`pip install email-validator && python3 test_headhunter.py`

The README references running a test script and importing a headhunter package, but the provided artifact manifest contains only SKILL.md and README.md. Any referenced code would come from outside the reviewed artifact set.

User impact: Users may expect reviewed local code to exist, but following the README literally would require additional files or packages not included here.
Recommendation: Before running any referenced external repository code or test scripts, inspect that code separately and verify its source.

Human-Agent Trust Exploitation
Severity: Info, Confidence: High, Status: Note
SKILL.md
Needs help with hiring decisions

The skill is explicitly intended to support candidate evaluation and hiring recommendations. That is purpose-aligned, but the recommendations may materially affect people if over-trusted.

User impact: Automated rankings or recommendations could influence real hiring outcomes if used without human review.
Recommendation: Use the skill as an aid only; apply human review, documented criteria, privacy controls, and applicable employment-law or anti-bias checks.