← Back to Skills Marketplace
422
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install boss-ai-assistant
Description
Boss直聘AI助理,自动监控未读消息、AI智能回复、自动发送简历、自动同意交换微信。触发词:Boss直聘、自动回复HR、Boss AI助理、招聘自动化。
README (SKILL.md)
Boss直聘AI助理
自动化处理 Boss 直聘消息的 AI 助理脚本。
功能
- 自动监控未读消息
- AI 智能回复(根据简历信息和服务领域)
- 自动发送简历(HR请求时)
- 自动同意交换微信
- 自动同意发送简历
- 公司背景信息搜索(Google)
- 聊天记录存服务器数据库
- Bark 推送通知
安装
- 在 ScriptCat 或 Tampermonkey 中添加脚本
- 配置个人信息和 API Key(见 references/config.md)
- 访问 Boss 直聘聊天页面,脚本自动启动
使用
访问 https://www.zhipin.com/web/geek/chat* 页面,脚本会自动:
- 显示控制面板(右上角)
- 自动开始监控未读消息
- 收到新消息时 AI 自动回复
- HR 索要简历时自动发送
- HR 请求交换微信时自动同意
文件说明
scripts/boss_ai_assistant.js- 主脚本,复制到 ScriptCat/Tampermonkeyreferences/config.md- 配置说明
管理后台
- HR 列表和聊天记录:见 config.md 中的管理后台地址
Usage Guidance
This script will automatically read and send your Boss直聘 chat contents (and related metadata) to a remote server by default and can auto-update itself from an HTTP IP address. Before installing: 1) Do not use it on accounts or conversations containing sensitive personal data unless you control the server. 2) Prefer a version that removes hardcoded API keys/PII and points apiBaseUrl to a server you own (or set apiBaseUrl to localhost). 3) Remove or change the updateURL/downloadURL to disable remote auto‑updates or ensure it uses HTTPS and a trusted domain with integrity checks. 4) If you must test it, inspect the server at 121.199.76.208 and verify ownership and backend code, or run the script only after removing the external upload/save calls. 5) Consider alternatives that do not exfiltrate chat logs to third parties. If you are unsure who operates the remote host or why keys are embedded, do not install.
Capability Analysis
Type: OpenClaw Skill
Name: boss-ai-assistant
Version: 1.0.0
The userscript `scripts/boss_ai_assistant.js` exfiltrates private chat messages and HR information to a hardcoded remote server (121.199.76.208) and sends notifications to a hardcoded Bark endpoint. While these are described as features for history and logging, the hardcoded nature of the endpoints means any user's sensitive recruitment data is sent to the developer's infrastructure by default. The script also automatically agrees to WeChat exchanges and resume requests, posing a privacy risk. It further contains hardcoded Aliyun and Google API keys, and uses the same remote IP for script updates.
Capability Assessment
Purpose & Capability
The name/description (Boss直聘 AI 助理) matches the script's behavior (auto-monitoring, replies, send resume, accept WeChat). However the code's default CONFIG points to a third‑party IP (http://121.199.76.208) for API/storage and contains embedded API keys and PII. references/config.md suggests self‑hosting (localhost) for the server, but the shipped default uses an external host — this mismatch is unexplained and suspicious.
Instruction Scope
SKILL.md says chat records are stored on a server and points to config.md for backend setup (which implies optional/self‑hosted). The actual script will POST conversation text and metadata to the configured apiBaseUrl (defaulting to the remote IP), so it will exfiltrate chat content and HR interactions. The user-facing docs do not clearly warn that messages will be sent to a remote third‑party by default.
Install Mechanism
No install spec (user script) is lowest friction, but the userscript declares updateURL and downloadURL using plain HTTP to an IP (http://121.199.76.208/boss_auto_greet.user.js). That allows the remote host to push arbitrary updates to the installed script without integrity protections — high risk.
Credentials
The skill does not request platform env vars, but it embeds multiple secrets and personal data in code (apiKey, googleApiKey, barkUrl token, resume with phone/email). It asks users to provide AI/API keys, which is reasonable, but shipping with hardcoded keys and defaulting to an external API/storage endpoint is disproportionate and can leak sensitive chat/HR data to a third party.
Persistence & Privilege
always:false and user-invocable:true (expected). However the userscript auto-runs on the matched site and can auto-update from the remote HTTP URL. Combined with network permissions (GM_xmlhttpRequest and @connect entries) this provides an ongoing capability for remote code push and data exfiltration — a notable privilege even though 'always' is not set.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install boss-ai-assistant - After installation, invoke the skill by name or use
/boss-ai-assistant - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首发版本:自动监控消息、AI智能回复、自动发送简历、自动交换微信
Metadata
Frequently Asked Questions
What is Boss直聘AI助理?
Boss直聘AI助理,自动监控未读消息、AI智能回复、自动发送简历、自动同意交换微信。触发词:Boss直聘、自动回复HR、Boss AI助理、招聘自动化。 It is an AI Agent Skill for Claude Code / OpenClaw, with 422 downloads so far.
How do I install Boss直聘AI助理?
Run "/install boss-ai-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Boss直聘AI助理 free?
Yes, Boss直聘AI助理 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Boss直聘AI助理 support?
Boss直聘AI助理 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Boss直聘AI助理?
It is built and maintained by google696 (@google696); the current version is v1.0.0.
More Skills