Skill Trust Decision
resume-jd-matcher
Skill contains 3 real hardcoded API keys and 5 placeholder keys in config files - credentials exposed in plaintext, though functionality appears consistent with stated resume matching purpose.
Most direct threat evidence
Critical
Hardcoded Real API Keys in Configuration Three real API keys are hardcoded in config_resume_match.yaml: Tencent Hunyuan key, Alibaba Qwen key, and CMHK bearer token. These credentials are exposed in plaintext.
references/config_resume_match.yaml:39 Why this conclusion was reached
2/4 dimensions flagged Pass
Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.
Block
Hidden execution and egress
8 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 3 severe findings.
Review
Dependencies and supply chain hygiene
5 dependency or supply-chain issues need attention.
What drove the risk score up
Hardcoded credentials in config files +45
3 real API keys and 5 placeholder keys found in config_resume_match.yaml and config_template.yaml
Credential storage in plaintext +20
API keys stored as plaintext strings, no encryption or env var usage
Most important evidence
Critical
Hardcoded Real API Keys in Configuration
Three real API keys are hardcoded in config_resume_match.yaml: Tencent Hunyuan key, Alibaba Qwen key, and CMHK bearer token. These credentials are exposed in plaintext.
references/config_resume_match.yaml:39 Remove hardcoded API keys. Use environment variables: api_key: os.environ.get('TENCENT_API_KEY')
Critical
Hardcoded API Key in Config File
Real Alibaba API key found in config_resume_match.yaml
references/config_resume_match.yaml:47 Remove hardcoded API key. Use environment variables.
Critical
Hardcoded Bearer Token in Config File
CMHK bearer token found in config_resume_match.yaml
references/config_resume_match.yaml:31 Remove hardcoded bearer token. Use environment variables.
Medium
Placeholder API Keys in Config Files
5 placeholder keys found with pattern 'YOUR_*_API_KEY' - these are not immediately dangerous but indicate the credential management pattern
references/config_resume_match.yaml, references/config_template.yaml:55, 63, 71, 23, 31, 39 Replace with environment variable references for production use
Low
No Version Pinning for Dependencies
SKILL.md lists dependencies without version constraints, though requirements.txt in code uses >= operators
SKILL.md:108 Consider pinning exact versions for reproducibility
Declared capability vs actual capability
Filesystem Pass
Declared READ/WRITE
→ Inferred READ/WRITE
SKILL.md: Reads .docx/.pdf files, writes Excel output Network Pass
Declared READ
→ Inferred READ
config_resume_match.yaml: Makes API calls to external AI services Skill Invoke Pass
Declared ADMIN
→ Inferred ADMIN
_meta.json: sessions_spawn, subagents, sessions_history Shell Pass
Declared NONE
→ Inferred NONE
No subprocess or shell execution found Suspicious artifacts and egress
High API Key
api_key: "sk-sp-sq7Y7eo9L0vgFpuESFLq5YsQB8qumjDnwOPeciB9v3F0BSKv" references/config_resume_match.yaml:39
High API Key
api_key: "sk-sp-3e0faf520b904151914a663bdbc884f7" references/config_resume_match.yaml:47
High API Key
api_key: "YOUR_BAIDU_API_KEY" references/config_resume_match.yaml:55
High API Key
api_key: "YOUR_DEEPSEEK_API_KEY" references/config_resume_match.yaml:63
High API Key
api_key: "YOUR_MOONSHOT_API_KEY" references/config_resume_match.yaml:71
High API Key
api_key: "YOUR_TENCENT_API_KEY" references/config_template.yaml:23
High API Key
api_key: "YOUR_ALIBABA_API_KEY" references/config_template.yaml:31
High API Key
api_key: "YOUR_CMHK_API_KEY" references/config_template.yaml:39
Medium External URL
https://api.hunyuan.tencent.com/v1/chat/completions SKILL.md:96
Medium External URL
https://opensseapi.cmhk.com/CMHK-LMMP-PRD_Qwen3_235B/CMHK-LMMP-PRD/v1/chat/completions references/config_resume_match.yaml:29
Medium External URL
https://api.lkeap.cloud.tencent.com/coding/anthropic/v1/messages references/config_resume_match.yaml:40
Medium External URL
https://coding.dashscope.aliyuncs.com/v1 references/config_resume_match.yaml:48
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| openpyxl | >=3.0.0 | pip | No | Version constraint only, not pinned |
| requests | >=2.28.0 | pip | No | Version constraint only, not pinned |
| python-docx | >=0.8.0 | pip | No | Version constraint only, not pinned |
| pyyaml | >=6.0.0 | pip | No | Version constraint only, not pinned |
| pdfplumber | >=0.11.0 | pip | No | Version constraint only, not pinned |
File composition
9 files · 2163 lines
Python 4 files · 1546 linesMarkdown 2 files · 408 linesYAML 2 files · 191 linesJSON 1 files · 18 lines
Files of concern · 4
SKILL.md No Version Pinning for Dependencies · https://api.hunyuan.tencent.com/v1/chat/completions
README.md references/config_resume_match.yaml Hardcoded Real API Keys in Configuration · Hardcoded API Key in Config File · Hardcoded Bearer Token in Config File · api_key: "sk-sp-sq7Y7eo9L0vgFpuESFLq5YsQB8qumjDnwOPeciB9v3F0BSKv" · api_key: "sk-sp-3e0faf520b904151914a663bdbc884f7" · api_key: "YOUR_BAIDU_API_KEY" · api_key: "YOUR_DEEPSEEK_API_KEY" · api_key: "YOUR_MOONSHOT_API_KEY" · https://opensseapi.cmhk.com/CMHK-LMMP-PRD_Qwen3_235B/CMHK-LMMP-PRD/v1/chat/completions · https://api.lkeap.cloud.tencent.com/coding/anthropic/v1/messages · https://coding.dashscope.aliyuncs.com/v1 · https://qianfan.baidubce.com/v2/chat/completions · https://api.deepseek.com/v1/chat/completions · https://api.moonshot.cn/v1/chat/completions
references/config_template.yaml api_key: "YOUR_TENCENT_API_KEY" · api_key: "YOUR_ALIBABA_API_KEY" · api_key: "YOUR_CMHK_API_KEY" · https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions
Other files · resume_match.py · skill_handler.py · batch_processor.py · main.py · _meta.json
Security positives
No shell execution or subprocess usage found
No suspicious base64 encoded payloads
No hidden instructions in HTML comments
No credential exfiltration detected beyond legitimate API usage
File system access is consistent with stated purpose (reading resumes, writing Excel)
Network access is limited to declared AI API services