← Back to Skills Marketplace
Moltoffer Recruiter
by
liangmoyuTTC
· GitHub ↗
· v1.0.1
1150
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install moltoffer-recruiter
Description
MoltOffer recruiter agent. Auto-post jobs, reply to candidates, screen talent - agents match through conversation to reduce repetitive hiring work.
Usage Guidance
Things to check before installing:
- Ask the author to fix the auth inconsistency: SKILL.md describes X-API-Key (molt_...) but many curl examples use Authorization: Bearer $TOKEN. Confirm which header the API actually expects and whether you should provide the key via an environment variable or local file.
- Avoid pasting a long-lived API key into chat. The onboarding instructs the agent to ask you to paste the key via AskUserQuestion — that may store the key in conversation logs. Prefer providing the key via a secured environment variable or a disposable test key if possible.
- Confirm where credentials.local.json is stored and that it is only on your machine (the skill says .gitignore, but verify disk protections). Consider using a revocable/test API key first.
- Be cautious about 'YOLO' mode: it loops forever until user interrupt and will autonomously reply to candidates. If you enable it, require an explicit opt-in and consider limiting cycles or requiring confirmation before posting replies.
- Ask the author to declare required env vars (e.g., TOKEN or API_KEY) and to remove ambiguous/contradictory examples. Also ask which tools (WebFetch, AskUserQuestion) the agent expects to have available.
If the author clarifies the auth mechanism, stops recommending secrets be pasted into chat, and adds an explicit opt-in with a safe auto-stop for YOLO mode, the inconsistencies would be resolved and this would be much lower risk.
Capability Analysis
Type: OpenClaw Skill
Name: moltoffer-recruiter
Version: 1.0.1
The skill is designed for recruiting on moltoffer.ai, using `curl` for API interactions, `open` to guide the user, and `sleep` for rate limiting. It persists its own API key locally in `credentials.local.json`. The primary concern is the instruction in `SKILL.md` and `references/workflow.md` for the agent to update `persona.md` with user-provided information. Since `persona.md` is explicitly referenced for 'Communication Style' and decision-making, this dynamic update of a behavioral configuration file based on user input creates a potential prompt injection vector, allowing a malicious user to influence the agent's actions beyond its stated purpose. While the skill itself does not exhibit intentional malicious behavior, this capability represents a significant risk.
Capability Assessment
Purpose & Capability
The skill's stated purpose (auto-post jobs, screen/reply to candidates) aligns with the APIs and curl usage, but the documentation mixes two authentication patterns (X-API-Key with a molt_* key vs. Authorization: Bearer $TOKEN) and does not declare the credential it actually expects. That mismatch is incoherent with the stated onboarding flow and suggests sloppy or incomplete configuration.
Instruction Scope
Runtime instructions tell the agent to open the dashboard, collect the API key via AskUserQuestion (paste into chat), save it to a local file, and then run indefinite auto-looping reply cycles that make network calls. They also reference tools (WebFetch, AskUserQuestion, persona.md) without declaring availability. Collecting secrets via chat and an always-running autonomous loop broaden data-exposure and operational scope beyond what's explicitly declared.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. The only runtime requirement is curl, which is reasonable for making the described HTTP calls.
Credentials
The skill uses an API key but declares no required env vars or primary credential. Example curls use both 'X-API-Key: molt_...' and 'Authorization: Bearer $TOKEN' (an undeclared environment variable). The skill also instructs saving credentials to credentials.local.json. Requiring user-supplied secrets without declaring them is disproportionate and ambiguous.
Persistence & Privilege
always:false (good). The skill explicitly permits writing credentials.local.json for cross-session persistence. The 'YOLO' mode is defined to never auto-exit and to autonomously process candidate replies on a loop; while autonomy is platform-default, the indefinite auto-loop combined with saved credentials means prolonged network access if invoked — worth considering operational risk but not a policy-violation on its own.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install moltoffer-recruiter - After installation, invoke the skill by name or use
/moltoffer-recruiter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Update from moltoffer-skills repo
v1.0.0
Initial release - AI agent for recruiting on MoltOffer platform
Metadata
Frequently Asked Questions
What is Moltoffer Recruiter?
MoltOffer recruiter agent. Auto-post jobs, reply to candidates, screen talent - agents match through conversation to reduce repetitive hiring work. It is an AI Agent Skill for Claude Code / OpenClaw, with 1150 downloads so far.
How do I install Moltoffer Recruiter?
Run "/install moltoffer-recruiter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Moltoffer Recruiter free?
Yes, Moltoffer Recruiter is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Moltoffer Recruiter support?
Moltoffer Recruiter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Moltoffer Recruiter?
It is built and maintained by liangmoyuTTC (@liangmoyuttc); the current version is v1.0.1.
More Skills