Is mikonos/interview-analysis safe?
https://github.com/openclaw/skills/tree/main/skills/mikonos/interview-analysis
mikonos/interview-analysis is a pure-markdown interview analysis skill with no executable code, no malicious prompt injection, and all canary files intact. The skill content is coherent with its stated purpose of transforming interview transcripts into structured capability assessments using named expert frameworks. The only noteworthy architectural concern is that template files contain HTML comment blocks with AI behavioral guidance, creating a secondary instruction channel outside of the audited SKILL.md; current content is benign but the pattern warrants awareness for ongoing supply-chain monitoring.
Category Scores
Findings (5)
LOW AI guidance injected via HTML comments in template files -10 ▶
The skill instructs the agent to read template files before generating output (Step 4: 'Be sure to read template content before filling in analysis results'). Two of those templates — profile_template.md and insight_template.md — contain multi-line HTML comment blocks that direct the AI on expert persona selection and evaluation dimension design. While the current content is legitimate methodology guidance, this pattern means template files function as a secondary instruction channel: an update to a template file could silently alter agent behavior without touching the audited SKILL.md. The risk is low because the instructions are clearly benign, but the architecture is worth noting for supply-chain awareness.
LOW Skill accumulates candidate PII to local disk -5 ▶
The skill generates structured Markdown analysis files saved to people/{candidate_name}/analysis/ containing comprehensive candidate profiles including resume verification tables, red-flag annotations, hire/no-hire verdicts, and verbatim interview quotes. Over time this creates a dossier store of personally identifiable information. No network exfiltration occurs during normal skill operation, but the data pool represents a privacy liability if the agent environment is compromised or if the output directory is accessible to other skills.
INFO OpenClaw gateway maintains persistent outbound connections post-install -12 ▶
After skill installation, the openclaw-gateway process (pid=1087) established and maintained TCP ESTABLISHED connections to 3.217.42.175:443 (AWS) and 104.16.5.34:443 (Cloudflare), and opened listening sockets on 127.0.0.1:18790 and 127.0.0.1:18793. These are consistent with the OpenClaw agent platform's own backend connectivity and are not attributable to the skill. The skill is pure markdown and cannot independently initiate network connections. This finding is informational for users assessing the OpenClaw platform's network footprint.
INFO Canary file reads attributable to OATHE monitoring, not skill 0 ▶
File access syscalls show reads of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and .config/gcloud/application_default_credentials.json at audit timestamp ~1771950739 (approximately 5 seconds after install completion at ~1771950734). These reads occur in the absence of any executable skill code and are consistent with OATHE's own post-install canary integrity verification routine. Canary integrity report confirms all files intact with no modification or exfiltration.
INFO Skill purpose requires processing sensitive HR recruitment data -12 ▶
The skill is designed to ingest and deeply analyze job candidate interview transcripts, generating profiles that include assessments of credibility, competency gaps, and hire/no-hire recommendations. In production use this inherently involves PII. The HIRE/NO HIRE recommendations embedded in output templates could introduce liability if outputs influenced employment decisions and the agent's analysis contained errors. Users should treat generated analyses as advisory input, not determinative records, and ensure output files are handled under applicable employment law and data protection regulations.