gakkiismywife

Recruiter Assistant

Author: gakkiismywife · GitHub · v1.4.2
cross-platform ⚠ suspicious
Total downloads: 811
Favorites: 0
Current installs: 6
Versions: 12
Install in OpenClaw
/install recruiter-assistant
Description
A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p...
Safe usage recommendations
This skill appears to do what its name says, but proceed cautiously. Key points to check before installing or running:
  1. pdftotext is required by the scripts but not declared — install and test it separately.
  2. The scripts print entire resume contents to stdout and instruct the agent to create and publish Feishu documents and to post summaries to HR; this will transmit candidate PII to external services. Confirm where Feishu docs are stored, who can access public links, and what authentication/scopes the feishu_doc and message tools use.
  3. There are no declared credentials or env vars for Feishu; verify how authentication is handled by your agent runtime and limit permissions/scopes.
  4. If you will process real candidate data, run the skill in an isolated environment (or with sanitized/test resumes) until you confirm behavior and storage/privacy controls.
  5. Consider asking the publisher to: declare pdftotext as a required binary, document required tool permissions, avoid printing raw resumes to logs, and add explicit guidance or opt-in for publishing public links.
If any of these are unacceptable for your privacy/security posture, do not use the skill with real candidate data.
Functional analysis
Type: OpenClaw Skill
Name: recruiter-assistant
Version: 1.4.2
This skill bundle is highly suspicious due to multiple severe vulnerabilities. Several scripts (`scripts/batch_screen.js`, `scripts/process_incoming.js`) use `child_process.execSync` with user-controlled input, creating shell injection (RCE) risks. Additionally, multiple scripts (`scripts/generate_questions.js`, `scripts/screen_resume.js`, `scripts/summarize_interview.js`, `scripts/process_incoming.js`) are vulnerable to Local File Inclusion (LFI) by reading arbitrary files based on user-supplied paths. Most critically, `scripts/screen_resume.js` directly embeds user-controlled arguments (`lang`, `yoe`) into the AI agent's prompt, presenting a clear prompt injection vulnerability that could allow an attacker to hijack the agent's instructions and potentially exfiltrate data or perform unauthorized actions.
Capability assessment
Purpose & Capability
The name/description (resume screening, salary benchmarking, Feishu report generation) align with the included scripts and reference files. However, the runtime expects agent-side tools (feishu_doc, message) and an external binary (pdftotext) even though the skill's metadata declares no required binaries or credentials. Those runtime dependencies should be declared or justified.
Instruction Scope
The scripts and SKILL.md instruct the agent to read full resume contents, print them to stdout, generate Feishu docs, and present public Feishu links directly in chat. Printing full resume text and instructing creation/publication of documents with candidate PII is a high privacy risk. The instructions also tell the agent to call the feishu_doc tool and to send HR notifications via a 'message' tool — these external transmissions of candidate data are not constrained or qualified in the documentation.
Install Mechanism
There is no install spec (instruction-only), which minimizes installation risk. But the scripts call the pdftotext binary and rely on a Node runtime; pdftotext is not declared in required binaries, so a missing dependency or hidden requirement exists. No network download/install steps are present.
Credentials
The skill declares no required environment variables or credentials, yet the runtime instructions explicitly direct calling a feishu_doc tool (and mention a docToken in one script). That implies the need for Feishu authentication or agent tool permissions that are not declared. The skill therefore asks (via behavior) for access to external services and candidate data without documenting what credentials or scopes will be used — disproportionate given the sensitivity of PII.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It does read and write temporary files (e.g., /tmp) and generates per-candidate documents, which are reasonable for its purpose.
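How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install recruiter-assistant
  3. Once installation completes, call the Skill by name or trigger it with /recruiter-assistant
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history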
v1.4.2
Fixed Feishu blank page issue via create-then-append logic.
v1.5.1
Updated Feishu doc creation strategy.
v1.4.1
Fixed Feishu doc creation.
v1.6.0
Fixed blank doc issue. Mandatory quantification and identity audit.
v1.5.0
Final fix for Feishu blank docs using create-then-append strategy. Also includes strict data quantification and work identity auditing.
v1.4.0
Implemented robust two-step Feishu doc creation (create then append) to fix blank pages, strictly enforced work identity audit (outsourced vs direct), and mandated quantified data results.
v1.3.0
Added strict data quantification rule (unquantified resumes < 60 score), enforced work identity audit (outsourced vs direct), mandated detailed Pros/Cons, and unified Chinese output.
v1.2.0
Added Feishu Doc generation, stricter scoring for target tech stack, and mandatory detailed Pros/Cons.
v1.1.0
Updated with Shenzhen 2026 hiring criteria and AI proficiency evaluation.
v1.0.2
Updated release with Shenzhen 2026 hiring criteria and AI proficiency evaluation.
v1.0.1
Updated release with Shenzhen 2026 hiring criteria and AI proficiency evaluation.
v1.0.0
- Initial release of recruiter-assistant, a workflow automation tool for technical recruitment.
- Automates resume screening with customizable criteria (programming language and years of experience).
- Generates targeted technical interview questions based on candidate background and screening results.
- Summarizes interview notes into structured evaluation reports using a standardized template.
- Optimized for engineering roles such as Golang and PHP, with accuracy and consistency principles.
Metadata
Slug recruiter-assistant
Version 1.4.2
License
Total installs 6
Current installs 6
Version count 12
FAQ

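What is Recruiter Assistant?

A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 811 total downloads to date.

How do I install Recruiter Assistant?

Run the command "/install recruiter-assistant" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Recruiter Assistant free?

Yes, Recruiter Assistant is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Recruiter Assistant support?

Recruiter Assistant runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Recruiter Assistant?

Developed and maintained by gakkiismywife (@gakkiismywife); the current version is v1.4.2.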
