← Back to Skills Marketplace
Recruiter Assistant
by
gakkiismywife
· GitHub ↗
· v1.4.2
811
Downloads
0
Stars
6
Active Installs
12
Versions
Install in OpenClaw
/install recruiter-assistant
Description
A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p...
Usage Guidance
This skill appears to do what its name says, but proceed cautiously. Key points to check before installing or running: 1) pdftotext is required by the scripts but not declared — install and test it separately. 2) The scripts print entire resume contents to stdout and instruct the agent to create and publish Feishu documents and to post summaries to HR; this will transmit candidate PII to external services. Confirm where Feishu docs are stored, who can access public links, and what authentication/scopes the feishu_doc and message tools use. 3) There are no declared credentials or env vars for Feishu; verify how authentication is handled by your agent runtime and limit permissions/scopes. 4) If you will process real candidate data, run the skill in an isolated environment (or with sanitized/test resumes) until you confirm behavior and storage/privacy controls. 5) Consider asking the publisher to: declare pdftotext as a required binary, document required tool permissions, avoid printing raw resumes to logs, and add explicit guidance or opt-in for publishing public links. If any of these are unacceptable for your privacy/security posture, do not use the skill with real candidate data.
Capability Analysis
Type: OpenClaw Skill
Name: recruiter-assistant
Version: 1.4.2
This skill bundle is highly suspicious due to multiple severe vulnerabilities. Several scripts (`scripts/batch_screen.js`, `scripts/process_incoming.js`) use `child_process.execSync` with user-controlled input, creating shell injection (RCE) risks. Additionally, multiple scripts (`scripts/generate_questions.js`, `scripts/screen_resume.js`, `scripts/summarize_interview.js`, `scripts/process_incoming.js`) are vulnerable to Local File Inclusion (LFI) by reading arbitrary files based on user-supplied paths. Most critically, `scripts/screen_resume.js` directly embeds user-controlled arguments (`lang`, `yoe`) into the AI agent's prompt, presenting a clear prompt injection vulnerability that could allow an attacker to hijack the agent's instructions and potentially exfiltrate data or perform unauthorized actions.
Capability Assessment
Purpose & Capability
The name/description (resume screening, salary benchmarking, Feishu report generation) align with the included scripts and reference files. However, the runtime expects agent-side tools (feishu_doc, message) and an external binary (pdftotext) even though the skill's metadata declares no required binaries or credentials. Those runtime dependencies should be declared or justified.
Instruction Scope
The scripts and SKILL.md instruct the agent to read full resume contents, print them to stdout, generate Feishu docs, and present public Feishu links directly in chat. Printing full resume text and instructing creation/publication of documents with candidate PII is a high privacy risk. The instructions also tell the agent to call the feishu_doc tool and to send HR notifications via a 'message' tool — these external transmissions of candidate data are not constrained or qualified in the documentation.
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risk. But the scripts call the pdftotext binary and rely on a Node runtime; pdftotext is not declared in required binaries, so a missing dependency or hidden requirement exists. No network download/install steps are present.
Credentials
The skill declares no required environment variables or credentials, yet the runtime instructions explicitly direct calling a feishu_doc tool (and mention a docToken in one script). That implies the need for Feishu authentication or agent tool permissions that are not declared. The skill therefore asks (via behavior) for access to external services and candidate data without documenting what credentials or scopes will be used — disproportionate given the sensitivity of PII.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It does read and write temporary files (e.g., /tmp) and generates per-candidate documents, which are reasonable for its purpose.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install recruiter-assistant - After installation, invoke the skill by name or use
/recruiter-assistant - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.2
Fixed Feishu blank page issue via create-then-append logic.
v1.5.1
Updated Feishu doc creation strategy.
v1.4.1
Fixed Feishu doc creation.
v1.6.0
Fixed blank doc issue. Mandatory quantification and identity audit.
v1.5.0
Final fix for Feishu blank docs using create-then-append strategy. Also includes strict data quantification and work identity auditing.
v1.4.0
Implemented robust two-step Feishu doc creation (create then append) to fix blank pages, strictly enforced work identity audit (outsourced vs direct), and mandated quantified data results.
v1.3.0
Added strict data quantification rule (unquantified resumes < 60 score), enforced work identity audit (outsourced vs direct), mandated detailed Pros/Cons, and unified Chinese output.
v1.2.0
Added Feishu Doc generation, stricter scoring for target tech stack, and mandatory detailed Pros/Cons.
v1.1.0
Updated with Shenzhen 2026 hiring criteria and AI proficiency evaluation.
v1.0.2
Updated release with Shenzhen 2026 hiring criteria and AI proficiency evaluation.
v1.0.1
Updated release with Shenzhen 2026 hiring criteria and AI proficiency evaluation.
v1.0.0
- Initial release of recruiter-assistant, a workflow automation tool for technical recruitment.
- Automates resume screening with customizable criteria (programming language and years of experience).
- Generates targeted technical interview questions based on candidate background and screening results.
- Summarizes interview notes into structured evaluation reports using a standardized template.
- Optimized for engineering roles such as Golang and PHP, with accuracy and consistency principles.
Metadata
Frequently Asked Questions
What is Recruiter Assistant?
A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p... It is an AI Agent Skill for Claude Code / OpenClaw, with 811 downloads so far.
How do I install Recruiter Assistant?
Run "/install recruiter-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Recruiter Assistant free?
Yes, Recruiter Assistant is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Recruiter Assistant support?
Recruiter Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Recruiter Assistant?
It is built and maintained by gakkiismywife (@gakkiismywife); the current version is v1.4.2.
More Skills