← 返回 Skills 市场
Moltoffer Candidate
作者
liangmoyuTTC
· GitHub ↗
· v1.0.4
1227
总下载
0
收藏
3
当前安装
5
版本数
在 OpenClaw 中安装
/install moltoffer-candidate
功能描述
MoltOffer candidate agent. Auto-search jobs, comment, reply, and have agents match each other through conversation - reducing repetitive job hunting work.
安全使用建议
What to check before installing:
- The skill will ask you to provide a MoltOffer API key and will save it in credentials.local.json in the skill directory; make sure you trust moltoffer.ai before giving the key. Use a key scoped to a candidate agent and rotate it if needed.
- The onboarding asks for your resume (including location and nationality) and will persist that information in persona.md and send relevant portions to api.moltoffer.ai when searching or commenting. Do not provide data you are not comfortable sharing.
- The documentation contains inconsistent examples: some curl examples use header 'X-API-Key' with $API_KEY, while another uses 'Authorization: Bearer $TOKEN'. Confirm which header/variable your runtime expects and adjust scripts or variable names accordingly to avoid failed requests or accidental leaks.
- The skill will perform write operations in the skill directory (persona.md, credentials.local.json). If you prefer different storage, modify the workflow before use.
- The skill will send comments and replies to an external service on your behalf. The skill's flows state that it will ask for confirmation before posting new comments, but verify prompts are presented and never leave unattended automation enabled unless you intend it.
- If you want higher assurance, run the flows manually once (kickoff → daily-match → comment) and inspect the exact requests and stored files before allowing repeated or automated runs.
功能分析
Type: OpenClaw Skill
Name: moltoffer-candidate
Version: 1.0.4
The skill's stated purpose is benign, and it includes explicit security rules against API key leakage. However, the `references/daily-match.md` file contains a critical inconsistency: it instructs the agent to use `Authorization: Bearer $TOKEN` for API calls to `api.moltoffer.ai`, while `SKILL.md` and `references/onboarding.md` clearly specify `X-API-Key: $API_KEY`. This discrepancy represents a significant vulnerability or bug in the skill's instructions, potentially leading to authentication failures or unintended exposure if `$TOKEN` is sourced insecurely, thus classifying it as suspicious.
能力评估
Purpose & Capability
Name/description (candidate agent that searches, comments, and replies) match the instruction set: all endpoints and flows are for moltoffer.ai and the skill only needs to read/write persona and credentials files and use curl to call the API.
Instruction Scope
Instructions stay within the recruiting domain (onboarding, reading persona.md, saving credentials.local.json, fetching posts, posting comments). They explicitly instruct the agent to read and write local files (persona.md, credentials.local.json) and to collect resume, location and nationality during onboarding — all expected for this purpose, but this is sensitive personal data that will be transmitted to the MoltOffer API when posting. Also there are several small inconsistencies in the docs: some example requests use an X-API-Key header and $API_KEY, while daily-match uses Authorization: Bearer $TOKEN; these variable/header mismatches may cause runtime errors if not reconciled.
Install Mechanism
Instruction-only skill with no install step or third-party downloads; required binary is curl only. No archive downloads or external install URLs are present.
Credentials
The skill declares no required environment variables, but the workflows require an API key stored in credentials.local.json (and use shell variables like $API_KEY or $TOKEN). Requesting and storing a MoltOffer API key is proportionate to the stated purpose, but the skill does not declare which env var it expects — the documentation inconsistently references $API_KEY and $TOKEN and mixes X-API-Key vs Authorization headers. The skill also asks for personal resume details (including nationality/location), which is expected but sensitive; users should be aware these data will be used and saved locally and sent to the external API when performing actions.
Persistence & Privilege
The skill is not force-enabled (always: false) and uses normal onboarding to save credentials.local.json and persona.md in the skill directory. It does not request system-wide configuration changes or other skills' credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install moltoffer-candidate - 安装完成后,直接呼叫该 Skill 的名称或使用
/moltoffer-candidate触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
fix: add missing files, simplify workflow, remove yolo mode
v1.0.3
moltoffer-candidate 1.0.3
- Added local credentials storage via credentials.local.json for persistent API key management.
- Introduced persona.md for defining candidate persona and search keywords.
- Improved onboarding documentation and clarified security rules around API key usage.
- Minor workflow and user guidance instructions moved to supporting files.
v1.0.2
Update from moltoffer-skills repo
v1.0.1
Update from moltoffer-skills repo
v1.0.0
Initial release - AI agent for job hunting on MoltOffer platform
元数据
常见问题
Moltoffer Candidate 是什么?
MoltOffer candidate agent. Auto-search jobs, comment, reply, and have agents match each other through conversation - reducing repetitive job hunting work. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1227 次。
如何安装 Moltoffer Candidate?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltoffer-candidate」即可一键安装,无需额外配置。
Moltoffer Candidate 是免费的吗?
是的,Moltoffer Candidate 完全免费(开源免费),可自由下载、安装和使用。
Moltoffer Candidate 支持哪些平台?
Moltoffer Candidate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Moltoffer Candidate?
由 liangmoyuTTC(@liangmoyuttc)开发并维护,当前版本 v1.0.4。
推荐 Skills