Auto Job Applying Agent

Advisory. Audited by VirusTotal on Apr 15, 2026.

Overview

Type: OpenClaw Skill
Name: resumex
Version: 2.0.1

The 'resumex' skill bundle provides resume management and automated job application features via the Resumex API and local browser automation. While the skill is professionally documented and its logic appears aligned with its stated purpose, it is classified as suspicious due to the high-risk nature of its capabilities and potential vulnerabilities in its execution model. Specifically, the instructions in SKILL.md direct the AI agent to construct shell commands (using curl and python3) by interpolating data fetched from external job portals and APIs without explicit sanitization, which poses a risk of shell injection. The skill also handles sensitive credentials and performs automated browser actions via job_applier.py and send_pdf.py, which, although declared in PRIVACY.md, represent a significant attack surface if the agent is compromised via prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If Telegram delivery fails, someone who can see the error output may get the Telegram bot token and use it to control that bot.

Why it was flagged

Telegram bot tokens are embedded in the request URL. On HTTP or network errors, the exception includes that full URL and is printed to stderr, which can expose the token to logs or agent output.

Skill content
url = f"{TELEGRAM_BASE}{bot_token}/sendMessage"
...
raise RuntimeError(f"HTTP {exc.code} from {url}: {body}")
...
print(f"[error] Telegram request failed: {exc}", file=sys.stderr)
Recommendation

Redact the bot token from all exception messages before printing. Until fixed, avoid Telegram delivery or use a disposable bot token and rotate it if any error output exposed it.
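The redaction the recommendation asks for, as an added example that is not the skill's own code: the token is scrubbed from the URL and the response body before either enters an exception message, and the chained HTTPError (whose .url still holds the token) is dropped. TELEGRAM_BASE, the token pattern and the failing opener are assumptions constructed for an offline demonstration.

```python
import io
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Assumed layout, mirroring the snippet quoted in the finding (not the skill's own code).
TELEGRAM_BASE = "https://api.telegram.org/bot"
# Approximate shape of a Telegram bot token, "<bot id>:<secret>" (assumption).
TOKEN_RE = re.compile(r"\d{6,}:[A-Za-z0-9_-]{30,}")


def redact(text: str) -> str:
    """Replace anything that looks like a bot token with a fixed marker."""
    return TOKEN_RE.sub("<REDACTED>", text)


def send_message(bot_token, chat_id, text, opener=urllib.request.urlopen):
    """Send a message; every error path scrubs the token before it can be logged."""
    url = f"{TELEGRAM_BASE}{bot_token}/sendMessage"
    data = urlencode({"chat_id": chat_id, "text": text}).encode()
    try:
        with opener(urllib.request.Request(url, data=data), timeout=10) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as exc:
        body = exc.read().decode(errors="replace")
        # Vulnerable form was: RuntimeError(f"HTTP {exc.code} from {url}: {body}")
        # 'from None' drops the chained HTTPError, whose .url still carries the token.
        raise RuntimeError(f"HTTP {exc.code} from {redact(url)}: {redact(body)}") from None
    except urllib.error.URLError as exc:
        raise RuntimeError(f"Telegram request failed: {redact(str(exc))}") from None


def _failing_opener(req, timeout):
    """Constructed stand-in for urlopen that fails like an unauthorized API call (offline)."""
    raise urllib.error.HTTPError(req.full_url, 401, "Unauthorized", {}, io.BytesIO(b'{"ok":false}'))


def demo_error_message():
    """Return the error text a caller would print; the constructed token must not appear in it."""
    try:
        send_message("123456789:AAHconstructedTokenForTheDemo0123456789", "42", "hi",
                     opener=_failing_opener)
    except RuntimeError as exc:
        msg = str(exc)
        print(f"[error] Telegram request failed: {msg}", file=sys.stderr)
        return msg
    return ""
```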

What this means

The agent can submit applications in your name to external job portals; mistakes or unwanted submissions may be irreversible.

Why it was flagged

The skill intentionally uses browser automation to submit job applications, and an opt-in mode can remove per-job approval.

Skill content
[5] AUTO-APPLY — Agent calls job_applier.py for each job:
✅ Standard forms  → filled + submitted automatically
...
AUTO_APPLY_MODE=true: Applications are submitted without per-job confirmation
Recommendation

Keep AUTO_APPLY_MODE=false, review each ranked job before applying, and test on one application before allowing broader automation.

What this means

Installing these dependencies adds third-party code and a large browser binary to the local environment.

Why it was flagged

The auto-apply feature depends on installing Python packages and downloading a Chromium browser binary. This is disclosed and purpose-aligned, but it expands the local dependency surface.

Skill content
The agent will run this automatically on first use:
pip3 install -r requirements.txt
python3 -m playwright install chromium
Recommendation

Install in a virtual environment or sandbox, review requirements.txt, and avoid running the browser automation if you do not need auto-apply.

What this means

Your name, email, phone number, location, and profile links are used in automation and sent to selected job portals.

Why it was flagged

Personal resume/contact data is passed from the agent into a local helper process. This is expected for form filling, but it means sensitive profile data enters agent/tool context.

Skill content
This script receives all resume data as CLI arguments from the OpenClaw agent ... --name ... --email ... --phone ... --location ... --linkedin
Recommendation

Only approve jobs and portals you trust, avoid including unnecessary sensitive details in your resume, and run the skill on a trusted single-user machine.