Job Hunter
v0.1.0Build and deploy an automated job hunting system with Telegram bot. Scrapes LinkedIn jobs, scores them by match percentage, sends notifications with apply bu...
⭐ 0· 36·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (job scraping + Telegram bot) align with the included scripts. The code only requires a local config.json (Telegram bot token, user IDs, candidate profile), writes to a local SQLite DB, and calls linkedin.com and api.telegram.org — all expected for the stated functionality.
Instruction Scope
SKILL.md instructions are narrowly scoped to gathering a candidate profile, setting up a Telegram bot, deploying the provided scripts, and scheduling cron runs. It does ask you to store contact/PII (name, email, phone, LinkedIn URL) in config.json — this is functionally useful for future CV generation but is sensitive and should be stored/handled carefully. The scraper uses LinkedIn's public guest endpoints and HTML parsing (regex), which is brittle and may break or violate LinkedIn terms of service.
Install Mechanism
No install spec or remote downloads are used — this is an instruction-only skill with bundled Python scripts. No external archives or package installs are performed by the skill itself; dependency installation is left to the user/environment.
Credentials
The skill asks you to populate config.json with a Telegram bot token and user IDs (sensitive but proportional to sending messages). It does not request other credentials or environment variables. Storing the bot token and personal PII in an unencrypted config file is risky in practice; the code expects those values in plaintext in the working directory.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configurations, and only persists to its own jobs.db and local config.json. Autonomous model invocation is default but not combined with other high-risk factors here.
Assessment
This package appears to do what it says: scrape LinkedIn guest pages, score jobs, and send Telegram notifications. Before installing or running: (1) review and protect config.json because it will contain your Telegram bot token and personal PII — consider using environment variables or a secrets store instead of a plaintext file; (2) run the code in an isolated account or container and ensure file permissions on the project directory are restrictive; (3) be aware LinkedIn scraping may be brittle and could violate LinkedIn's Terms of Service; (4) the scripts only contact linkedin.com and api.telegram.org — if you see other network activity after running, stop and inspect; (5) use a single bot instance (SKILL.md notes 409 conflicts) and monitor logs; (6) if you need higher assurance, run a static review or dynamic sandbox of the scripts before giving them network access.Like a lobster shell, security has layers — review code before you run it.
latestvk97cqe8g5jffhg9jwq9qm4pyz984vtkq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.