ClawHub
Back to skill
v1.0.0

Job Search

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:15 AM.

Analysis

This appears to be a legitimate job-search helper, but it asks users to install and run third-party MCP/server packages that should be reviewed before use.

GuidanceBefore installing, verify the referenced JobSpy MCP server and packages, use a virtual environment if possible, and keep job searches narrowly scoped to the sites and result counts you actually need.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
pip install mcp>=1.1.0 python-jobspy>=1.1.82 pandas>=2.1.0 pydantic>=2.0.0 ... git clone https://github.com/chinpeerapat/jobspy-mcp-server.git

The setup instructions ask the user to install version-ranged packages and optionally clone a third-party MCP server repository. This is expected for the skill, but it relies on external code not included in the artifact set.

User impactIf the user follows the setup, third-party package or repository code may run locally as an MCP server.
RecommendationInstall in an isolated environment, review the referenced MCP server, and consider pinning package versions or using a lockfile before enabling it.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`scrape_jobs_tool` ... `site_name` ... `["indeed", "linkedin", "zip_recruiter", "google"]` ... `results_wanted` ... `1-1000` ... `linkedin_fetch_description`

The documented MCP tool can perform broad external job-board searches with user-controlled boards, locations, keywords, and high result counts. This matches the job-search purpose but should be scoped by the user.

User impactThe agent may send job search terms and locations to external job-board services and may generate large searches if asked.
RecommendationSpecify the job boards, locations, and maximum result counts you want, and avoid including unnecessary personal details in search queries.