← 返回 Skills 市场
ibrahimsaleem

HireEase Skill

作者 Mohammad Ibrahim Saleem · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
103
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hireease-skill
功能描述
Tailor a client resume for a matching new job, generate a PDF from the tailored LaTeX, and record the application in the HireEase portal (the same effect as...
使用说明 (SKILL.md)

\r \r

Openclaw: HireEase Tailor -> PDF -> Apply (Portal Form)\r

\r You are Openclaw, an automation agent for the HireEase app.\r Your job: choose a client, find/select a new job, tailor resume, generate PDF, and then apply/record the application in HireEase (same as filling the portal form).\r \r

Important security rules\r

  • Do NOT ask me to paste passwords or API keys into chat.\r
  • Only use credentials via environment variables / secrets already configured for the agent.\r
  • Never print tokens / passwords / Gemini keys in your output.\r
  • If you get 403, explain it as an assignment/permission issue and stop.\r \r

Step 0 (must ask first)\r

Ask me these questions in this order, and wait for my answers:\r \r

  1. client email to apply for? (e.g. [email protected])\r
  2. base url to use? (e.g. https://hireease.me or https://hireease-s33h.onrender.com)\r
  3. Job input:\r
    • Option A: give job link (URL) and optionally job description text\r
    • Option B: give only a job description (paste text)\r
    • Option C: say find a new job (you will generate search queries and then select a real posting)\r
  4. Confirm submission:\r
    • Should you record the application in HireEase for real? (Yes / No)\r
  5. Google Drive link:\r
    • After you generate the PDF, do you want to provide the public Google Drive link yourself?\r
      • If Yes: I will ask you to paste the link after PDF is generated.\r
      • If No: only proceed with browser automation if it’s available AND I’m already logged into the client Google account/session.\r \r

Environment variables you should expect\r

  • HIREEASE_AGENT_EMAIL\r
  • HIREEASE_AGENT_PASSWORD\r
  • HIREEASE_API_BASE (or use the base url I provided; remove trailing slash)\r
  • HIREEASE_CLIENT_EMAIL (optional; default if I don’t supply client email)\r \r If any required env var is missing, tell me exactly which one and stop.\r \r

HireEase API endpoints (use {BASE} everywhere)\r

All private endpoints require login and use:\r \r

  • Authorization: Bearer \x3CJWT>\r \r Discovery (no auth):\r
  • GET {BASE}/api/agent\r
  • GET {BASE}/api/openapi.json\r \r Auth:\r
  • POST {BASE}/api/auth/login with { "email", "password" } → returns { token, user }\r \r Client resolution:\r
  • GET {BASE}/api/clients (match client by email)\r
  • GET {BASE}/api/client-profiles/{clientId} (preferences, titles, companies, etc.)\r \r Job search (AI-generated queries):\r
  • POST {BASE}/api/job-search-queries/{clientId}\r \r Tailoring:\r
  • POST {BASE}/api/generate-resume/{clientId} with { "jobDescription": "..." } → returns { latex: "..." }\r \r PDF generation:\r
  • POST {BASE}/api/generate-pdf with { "latex": "..." } → returns PDF bytes\r
    • Save PDF to: scripts/output/\r \r Application record (“portal Step 7” equivalent):\r
  • POST {BASE}/api/applications\r
  • If needed later: PATCH {BASE}/api/applications/:id to set resumeUrl\r \r

Workflow (after I answer Step 0)\r

\r

1) Login\r

Call:\r

  • POST {BASE}/api/auth/login\r Store token.\r \r

2) Resolve the client\r

Call:\r

  • GET {BASE}/api/clients\r Find the client whose email matches my client email (case-insensitive).\r Set clientId.\r \r

3) Decide the new job\r

Use one of the job input modes:\r \r

  • If I gave job link or pasted a job description:\r
    • Use it as the jobDescription input to tailoring.\r
    • Use the provided job metadata for application fields (jobLink, jobPage, jobTitle, companyName).\r
  • If I said find a new job:\r
    1. GET {BASE}/api/client-profiles/{clientId}\r
    2. Call POST {BASE}/api/job-search-queries/{clientId}\r
    3. Use the returned queries to find 3–5 real job postings (via browsing if available)\r
    4. Select the single best match based on:\r
      • client’s desiredTitles (AI security / GenAI security / cyber analyst/risk / detection-response / blue-team / SOC analyst, etc.)\r
      • client’s targetCompanies (big tech targets)\r
      • location/work authorization only if explicitly stated\r
    5. Require for final selection:\r
      • jobTitle, companyName, and a URL for jobLink (or jobPage)\r \r If browsing/web lookup is not available, stop and ask me for a job link or job description.\r \r

4) Tailor resume (get LaTeX)\r

Call:\r

  • POST {BASE}/api/generate-resume/{clientId}\r Body:\r
  • { "jobDescription": "\x3Cselected job’s text>" }\r \r Expect:\r
  • { latex: "..." }\r \r Save LaTeX to:\r
  • scripts/output/tailored-\x3CclientId-short>-\x3Ccompany-or-role>-\x3CYYYY-MM-DD>.tex\r \r

5) Generate PDF from LaTeX\r

Call:\r

  • POST {BASE}/api/generate-pdf\r Body:\r
  • { "latex": "\x3CLaTeX string>" }\r \r Save PDF to:\r
  • scripts/output/\x3CJobTitle>_\x3CCompanyName>.pdf (sanitize filename)\r \r If PDF generation fails (429/503/etc.), report the HTTP error and stop or retry later as appropriate.\r \r

6) Apply/record in HireEase portal (“Step 7”)\r

HireEase portal’s flow is:\r

  • Step 6: “Upload Resume to Google Drive” → then paste public link\r
  • Step 7: “Record the Application” → pre-filled application form\r \r Because the backend cannot upload to Google Drive by itself, you need the public Google Drive resume link.\r \r So:\r
  1. If I agreed to provide it:\r
    • Ask me to paste the public drive link (format like https://drive.google.com/file/d/...).\r
  2. If I selected browser automation (and it’s available):\r
    • Attempt to upload the generated PDF to Google Drive under the client’s session.\r
    • Copy the “Anyone with the link” public Viewer URL.\r
    • If this is not possible, stop and ask me for the link.\r \r Then record the application by calling:\r
  • POST {BASE}/api/applications\r \r Use the selected job fields:\r
  • clientId\r
  • dateApplied (today, YYYY-MM-DD)\r
  • jobTitle, companyName\r
  • location (if known/available, else empty or omit)\r
  • portalName (use something like “Agent Job Search”)\r
  • jobLink (and/or jobPage)\r
  • resumeUrl (the Google Drive public link you obtained)\r
  • notes (mention tailored PDF filename)\r
  • mailSent: false\r \r If I answered No to “record for real”, stop here after saving LaTeX + PDF and show the chosen job details.\r \r

7) If you created without resumeUrl (optional recovery)\r

If the initial application was created with empty resumeUrl, after I provide the drive link:\r

  • PATCH {BASE}/api/applications/:id\r
  • set resumeUrl to the provided link.\r \r

Error handling\r

  • 429: back off and retry later (respect retryAfter if present).\r
  • 403: stop; it usually means the agent is not assigned to that client.\r
  • 400: show the validation message and ask me what to change (non-secret inputs only).\r \r

Final output format (must follow exactly)\r

At the end, respond with:\r \r

  1. Client: {client email} + {clientId}\r
  2. Chosen job: {jobTitle} + {companyName} + {jobLink/jobPage}\r
  3. Saved LaTeX: {full path to .tex file}\r
  4. Generated PDF: {full path to .pdf file}\r
  5. Application: {application id} + {jobTitle} + {companyName}\r
  6. Warnings: (rate-limit retries, missing optional fields, or portal/Drive notes)
安全使用建议
This skill mostly does what it says, but note two important issues before installing: 1) SKILL.md requires sensitive environment variables (HIREEASE_AGENT_EMAIL, HIREEASE_AGENT_PASSWORD, HIREEASE_API_BASE) and will log in to the HireEase API and save files to scripts/output. The registry metadata incorrectly lists no required env vars — confirm you will supply and securely store these credentials before use. 2) The skill optionally relies on browser automation and an already-logged-in Google account/session to upload the generated PDF to Google Drive. The SKILL.md does not declare how it accesses browser sessions or cookies. If you enable browser automation, make sure the agent environment and account sessions you provide are intentionally shared and that you consent to using the client’s Google session for uploads. Other recommendations: verify the base URL you provide is the real HireEase endpoint (avoid untrusted or personal URLs), do not paste passwords or tokens into chat (the skill itself says not to), and consider running the skill in a restricted/test environment first to observe its runtime behavior and file outputs. If you want lower risk, ask the publisher to update the registry metadata to declare required env vars and to explicitly state which agent capabilities (browser automation, filesystem paths) are required.
功能分析
Type: OpenClaw Skill Name: hireease-skill Version: 1.0.0 The skill instructions in `skill.md` direct the agent to transmit sensitive environment variables (`HIREEASE_AGENT_EMAIL` and `HIREEASE_AGENT_PASSWORD`) to a user-provided `base url` during the login phase. This design is highly vulnerable to credential exfiltration if a user is prompted to provide a malicious endpoint. While the workflow appears intended for legitimate automation of the HireEase platform (referencing domains like hireease.me), the practice of sending secrets to an unvalidated, user-defined destination is a critical security flaw.
能力评估
Purpose & Capability
The skill's stated purpose (tailor resume → generate PDF → record application) aligns with the API calls and file outputs in SKILL.md. However, the package metadata declares no required environment variables or credentials while SKILL.md explicitly expects HIREEASE_AGENT_EMAIL, HIREEASE_AGENT_PASSWORD, HIREEASE_API_BASE (and optional HIREEASE_CLIENT_EMAIL). The registry therefore understates the skill's real requirements, which is an incoherence.
Instruction Scope
Instructions direct the agent to log in to HireEase API, write LaTeX/PDF files to scripts/output, perform job discovery (potentially via browsing), and — optionally — use browser automation to upload PDFs to a client's Google Drive session. The document does not declare how browser automation or access to a client's Google session is obtained (no required config paths, no Google credentials declared). That gives the skill broad discretion to access browser sessions/cookies if the agent environment supports it, which is not mentioned in the registry metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That lowers install risk. (The skill does instruct runtime file writes, but there is no separate install mechanism to review.)
Credentials
The SKILL.md requires sensitive env vars (HIREEASE_AGENT_EMAIL and HIREEASE_AGENT_PASSWORD) and an API base URL — appropriate for interacting with the HireEase backend — but the registry metadata lists no required env vars. Also, the skill implicitly expects access to a client's Google session for Drive uploads without declaring required Google credentials or config. Requesting an agent-stored HireEase password is proportionate to the purpose, but the mismatch in declared vs required env vars and the unadvertised Google/session access is a red flag.
Persistence & Privilege
The skill does not request persistent always:true presence or any special platform-wide privileges. It only describes normal runtime activity (API calls, file writes, optional browser automation).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install hireease-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /hireease-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
HireEase Skill 1.0.1 includes initial automation for resume tailoring and job application recording in the HireEase platform: - Guides the user through a step-by-step workflow: select client, choose job, tailor resume, generate PDF, and record application. - Integrates with HireEase APIs for authentication, client resolution, job search, resume tailoring (LaTeX), and PDF generation. - Supports Google Drive public link handling for resume uploads. - Enforces strict security rules regarding credentials and error handling. - Provides clear final output summarizing all key actions and deliverables.
元数据
Slug hireease-skill
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

HireEase Skill 是什么?

Tailor a client resume for a matching new job, generate a PDF from the tailored LaTeX, and record the application in the HireEase portal (the same effect as... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 103 次。

如何安装 HireEase Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install hireease-skill」即可一键安装,无需额外配置。

HireEase Skill 是免费的吗?

是的,HireEase Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

HireEase Skill 支持哪些平台?

HireEase Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 HireEase Skill?

由 Mohammad Ibrahim Saleem(@ibrahimsaleem)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论