← 返回 Skills 市场
Resume Rocket
作者
chenmoon1111
· GitHub ↗
· v0.1.1
· MIT-0
87
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install resume-rocket
功能描述
AI 简历火箭 — 一键把你的简历改写成目标 JD 的满分匹配版,可选对接 Boss 直聘自动投递。输入旧简历 + 目标岗位 JD,输出「高命中改写版 + 匹配度评分 + 面试话术卡」。春招/秋招/跳槽必备。
安全使用建议
Key things to consider before installing/use:
- Privacy: Despite the SKILL.md claim that résumé data 'does not upload to the cloud', the tool sends resume fragments and JD text to the configured LLM provider when doing rewrite or generating interview cards. That means your resume content will be transmitted to whichever LLM service you configure. If you are concerned about sensitive personal data, do not enable LLM features or scrub PII first.
- Do NOT share your personal LLM API key with the developer or anyone else. The repo/ docs ask users to paste keys for testing — you should refuse. Configure and use your own key locally instead.
- License/payments: The project uses a local, HMAC-based offline license scheme with a default secret baked into the code. If published with that default secret, attackers (or anyone with the repo) could generate valid activation codes to bypass paid gating. If you plan to use or distribute this skill, replace RR_LICENSE_SECRET with a secure secret and move license verification to a server you control.
- Private payments / off-platform activation: The payment flow described (QR + manual activation via codes) is off-platform and hard to audit. Expect limited buyer protections and manual delivery delays.
- Auto-apply risk: The Pro auto-apply feature automates applications to job platforms and admits the risk of account suspension; use conservatively and prefer manual control.
- If you want to proceed: audit or remove the scripts that generate licenses (scripts/gen-license.py) and the default secret before publishing; run the code locally using your own LLM key; never give your key to the maintainer; and verify the skill.json pricing_server usage if you expect server-side verification. If you are uncomfortable with these issues, mark the skill as untrusted or require more changes from the author before using.
能力标签
能力评估
Purpose & Capability
Code and SKILL.md align with the stated purpose: parsing resumes, extracting JD keywords, scoring, rewriting via LLM, exporting DOCX/MD, and a Pro auto-apply flow (stubbed call to boss-zhipin). Minor mismatch: skill.json includes a pricing_server URL that the code does not call (unused/inconsistent). Overall capabilities match the description.
Instruction Scope
SKILL.md claims '简历数据不上传云端', but the code sends resume snippets and JD text to remote LLM providers via the OpenAI client (rewriter.generate and interview generation). Additionally, the documentation and DAY2 report explicitly encourage users to hand over their LLM API key to the developer for testing — that's a social-engineering/privacy risk and not required for normal operation (the code accepts a local key but should never require sending it to third parties). The Pro auto-apply flow uses a local subprocess and currently only prints a stub; the code does attempt to perform network scraping of JD URLs (requests) which is expected for JD fetcher.
Install Mechanism
There is no remote arbitrary download/install payload. Dependencies are standard Python packages listed in requirements.txt (python-docx, pdfplumber, requests, openai). No install spec that fetches code from untrusted URLs and no archive extraction. This is proportionate to the task.
Credentials
The skill sensibly requests an LLM API key (RR_LLM_KEY or common fallbacks) which is necessary for rewrite/interview features. Concerns: (1) SKILL.md and in-repo docs encourage users to share their API key with the developer for testing — unnecessary and risky. (2) The license system uses a local HMAC secret (RR_LICENSE_SECRET) hard-coded default in the repo; publishing that secret allows anyone to generate valid-looking activation codes locally, undermining the paid gating. (3) skill.json marks llm-key required but the code gracefully degrades without a key; this inconsistency may mislead install-time validation.
Persistence & Privilege
The skill does not request elevated system privileges or 'always' installation. It writes a usage file under the user's home (~/.openclaw/resume-rocket-usage.json) and outputs to a local ./output directory — expected for this tool. Auto-apply could perform many outbound requests (to job sites) when used in Pro mode; that behavior is opt-in and gated by the license check, but bear in mind account risk when using automated application.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install resume-rocket - 安装完成后,直接呼叫该 Skill 的名称或使用
/resume-rocket触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
v0.1.1: 加入私域支付闭环(支付宝/微信收款码 + 手动发激活码),脱敏真人案例 chen-case-report.md,发布清单,CHANGELOG。
v0.1.0
Initial release of resume-rocket.
- Instantly rewrites your resume to match a target job description, improving ATS keyword alignment.
- Supports input via PDF, DOCX, Markdown, or TXT; parses and extracts key resume data.
- Analyzes JD from Boss 直聘 (auto-fetch or paste), extracts keywords, and scores matching (out of 100).
- Outputs: optimized resume, match report, and custom interview Q&A cards (cards for paid users).
- Optional Pro features: Boss 直聘 automatic job application and submission analytics.
- Free tier: 1 rewrite per day; paid plans unlock more features and usage.
元数据
常见问题
Resume Rocket 是什么?
AI 简历火箭 — 一键把你的简历改写成目标 JD 的满分匹配版,可选对接 Boss 直聘自动投递。输入旧简历 + 目标岗位 JD,输出「高命中改写版 + 匹配度评分 + 面试话术卡」。春招/秋招/跳槽必备。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 87 次。
如何安装 Resume Rocket?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install resume-rocket」即可一键安装,无需额外配置。
Resume Rocket 是免费的吗?
是的,Resume Rocket 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Resume Rocket 支持哪些平台?
Resume Rocket 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Resume Rocket?
由 chenmoon1111(@chenmoon1111)开发并维护,当前版本 v0.1.1。
推荐 Skills