Recruiter Assistant (Shenzhen)
Author: gakkiismywife · v1.0.0
Total downloads: 496
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install recruiter-assistant-sz
Description
A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p...
Safe Usage Recommendations
This skill mostly does what its description says, but don’t install it blindly. Before using: (1) Confirm and declare required binaries (pdftotext) in metadata and ensure they come from trusted packages. (2) Treat all candidate files as sensitive PII — run in a sandbox and limit where output can go. (3) Fix or audit shell calls: the scripts concatenate user-controlled filenames into execSync; sanitize or use spawn with argument arrays to avoid command injection. (4) Clarify external integrations: the README asks agents to send messages to HR and process_incoming accepts a docToken, but no credentials or message-call code are provided—decide how messaging/auth is handled and add required env vars. (5) Test with synthetic resumes first. If you are not able to validate or fix the above, consider this skill suspicious and avoid running it on real candidate data.
Functional Analysis
Type: OpenClaw Skill
Name: recruiter-assistant-sz
Version: 1.0.0
The skill bundle contains multiple shell injection vulnerabilities in `scripts/batch_screen.js` and `scripts/process_incoming.js` due to the use of `child_process.execSync` with unsanitized user-controlled input, potentially leading to Remote Code Execution. Additionally, `scripts/generate_questions.js`, `scripts/screen_resume.js`, and `scripts/summarize_interview.js` are vulnerable to path traversal via `fs.readFileSync` with user-provided file paths. While there is no evidence of intentional malice, these critical vulnerabilities could be exploited to compromise the system.
Capability Assessment
Purpose & Capability
Overall purpose (resume screening, question generation, interview summarization, Shenzhen salary benchmarking) matches the included scripts and reference data. However the metadata declares no required binaries while the scripts call an external tool (pdftotext) — an inconsistency between declared requirements and actual behavior.
Instruction Scope
Runtime instructions and scripts print full resume contents to stdout for the agent to evaluate (potentially exposing sensitive PII). Multiple scripts build shell commands by concatenating unescaped filenames into execSync calls (pdftotext and node invocations), creating command-injection risk if file names or inputs are attacker-controlled. SKILL.md expects sending summaries to HR via a 'message' tool, but code does not implement that; process_incoming.js accepts a docToken parameter that is never used—this suggests incomplete integration and unclear handling of credentials/tokens.
Install Mechanism
No install spec (instruction-only) — low install risk. But the scripts rely on an external binary 'pdftotext' which is not declared under required binaries; the lack of declared dependency is an incoherence the integrator must fix.
Credentials
No environment variables or credentials are declared, which aligns with instruction-only operation. However process_incoming.js accepts a docToken argument (unused) and SKILL.md expects use of a 'message' tool for HR notification—these imply external integration/credentials that are not declared or explained.
Persistence & Privilege
The skill is not always-enabled and requests no persistent privileges or system-wide configuration changes. It does read/write temporary files (e.g., /tmp/*.txt) and writes per-candidate output documents, which is expected for its purpose.
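How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install recruiter-assistant-sz`
- Once installation completes, call the Skill by name or use `/recruiter-assistant-sz` to trigger it
- Provide the required inputs as described in the Skill's parameter documentation to get structured output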
Version History
v1.0.0
Initial release of Shenzhen-optimized recruiter assistant.
FAQ
What is Recruiter Assistant (Shenzhen)?
A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 496 total downloads to date.
How do I install Recruiter Assistant (Shenzhen)?
Run the command "/install recruiter-assistant-sz" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is Recruiter Assistant (Shenzhen) free?
Yes, Recruiter Assistant (Shenzhen) is completely free (open source and free of charge) and can be freely downloaded, installed, and used.
Which platforms does Recruiter Assistant (Shenzhen) support?
Recruiter Assistant (Shenzhen) is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Recruiter Assistant (Shenzhen)?
It is developed and maintained by gakkiismywife (@gakkiismywife); the current version is v1.0.0.