Intelligent Recruitment Screening System - AI resume screening, intelligent matching, interview scheduling, candidate management
Security Analysis
medium confidence
The skill's description and pricing claim integration and deployment features (API, ATS integration, private deployment), but the SKILL.md contains no runtime instructions, no install steps, and no credential requirements — the implementation detail is missing or inconsistent.
The name/description advertise an AI recruitment system with API, ATS integration, private deployment, and monthly plans, but the package contains only a short SKILL.md with metadata and pricing. There are no install specs, code files, or declared environment variables to support API access, ATS integration, or private hosting — these capabilities are unsupported by the provided artifacts.
The SKILL.md provides metadata and tiered pricing but no concrete runtime instructions for the agent (no APIs to call, no commands, no data handling steps). This is vague and grants no transparency about how the skill would perform screening, match candidates, or manage interviews; lacking instructions makes it unclear what the agent would actually do when invoked.
There is no install specification and no code files, which minimizes the risk of arbitrary code being written or executed on the host. From an installation perspective this is low-risk but also contributes to the incoherence noted above because expected integrations are not implemented.
The skill declares no required environment variables or credentials. That would be reasonable for a purely conversational helper, but contradicts the SKILL.md's advertised features like 'API接口' (API interface), 'ATS系统集成' (ATS system integration), and '私有化部署' (private deployment), which normally require credentials, endpoints, or install steps. The absence of such requirements is a mismatch.
The skill does not request permanent presence (always: false) and uses default autonomous-invocation settings. There is no evidence it modifies other skills or system settings. This is normal and not a concern by itself.
Guidance
This package appears incomplete or misleading: it promises API/ATS integration and private deployments but provides no code, no install, and no credential requirements. Before installing or using it, ask the publisher for: (1) concrete runtime instructions (what endpoints or commands the agent will call), (2) required credentials and where they are stored, (3) how candidate data is collected, transmitted, stored, and deleted (encryption, retention, access controls), (4) a privacy/security policy and compliance details (GDPR/local laws), and (5) a demonstration or source code you can inspect. Because this skill deals with sensitive HR data, do not provide real candidate data until you have verified the implementation and data-handling practices. If the publisher cannot supply clear technical details, treat the skill as incomplete and do not enable it for production use.
Latest Release
v1.0.1
- SKILL.md metadata unchanged in functionality.
- No feature, pricing, or capability updates included.
- Documentation sections and extended content removed, leaving only the YAML header.
Published by @huyong2023 on ClawHub