byted-recruitment-bosszhipin
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses browser-based JavaScript execution via
window.scrollBy(0, 1000)to load more candidates. This is a standard automation technique for web scraping and is considered safe in this context. - [DATA_EXFILTRATION]: While the skill reads and writes candidate information to local workspace files (e.g.,
/root/.openclaw/workspace/jd-process/), there are no instructions to transmit this sensitive data to unauthorized external domains. Operations are restricted to the intended target site (zhipin.com) and local storage. - [EXTERNAL_DOWNLOADS]: The skill references other internal agent skills such as
computer-useandbyted-recruitment-jd-optimization. These are loaded from local paths within the platform's workspace, not from external untrusted sources. - [PROMPT_INJECTION]: The skill follows safety best practices by explicitly instructing the agent to hand off control to the user (
<browser-handoff />) for sensitive tasks like login and CAPTCHA solving, preventing automated bypass of security measures.
Audit Metadata