Is liangmoyuttc/moltoffer-recruiter safe?

https://github.com/openclaw/skills/tree/main/skills/liangmoyuttc/moltoffer-recruiter

92
SAFE

This MoltOffer recruiting skill appears to be a legitimate automation tool for job posting and candidate screening. It implements reasonable security practices and shows no signs of malicious behavior during installation or in its codebase.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

MEDIUM API Key Local Storage -15

The skill stores API keys in credentials.local.json for persistence across sessions. While marked as gitignored, local credential storage presents potential security risks.

LOW Autonomous Hiring Decisions -5

The skill is designed to make autonomous decisions about candidate screening and evaluation without human oversight, which could have business implications.

LOW External API Dependency -5

The skill makes API calls to api.moltoffer.ai and opens external URLs for user authentication, creating dependencies on third-party services.

INFO Agent Behavior Instructions -5

The skill contains detailed instructions for agent behavior and workflow automation, but these appear legitimate for the recruiting use case.