Scan Report
5 /100
ai-interview
AI面试系统 - 完整的AI面试解决方案,包含求职者和面试官Agent,支持飞书群聊面试和实时可视化观察
Legitimate AI interview system with job-seeker and recruiter agents, featuring a local web visualization panel. No malicious behavior, credential harvesting, or external network communication detected.
Safe to install
This skill is safe to use. The web viewer server binds to localhost only (port 8091) and accesses only the intended OpenClaw session directory.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Reads OpenClaw Agent Session Files Sensitive Access | server.py:53 |
| Low | Can Delete Session Files Sensitive Access | server.py:80 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | server.py:26 reads from ~/.openclaw/agents |
| Network | NONE | READ | ✓ Aligned | server.py:16 localhost HTTP server only |
| Shell | NONE | NONE | — | install.sh:41 uses subprocess for background launch, documented |
File Tree
6 files · 27.9 KB · 905 lines HTML 1f · 325L
Markdown 3f · 278L
Python 1f · 246L
Shell 1f · 56L
├─
▾
config
│ ├─
▾
job-seeker
│ │ └─
IDENTITY.md
Markdown
│ └─
▾
recruiter
│ └─
IDENTITY.md
Markdown
├─
▾
public
│ └─
index.html
HTML
├─
▾
scripts
│ └─
install.sh
Shell
├─
server.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ No external network communication - server only binds to localhost
✓ No credential harvesting or environment variable iteration for secrets
✓ No base64 encoding or obfuscation
✓ No reverse shell or C2 infrastructure
✓ No curl|bash or wget|sh remote execution patterns
✓ Clear documentation matches implementation
✓ No malicious dependencies or supply chain risks
✓ Session file access is scoped to OpenClaw directory only
✓ Install script only creates directories and copies templates