Skill v1.0.0

ClawScan security

Greenhouse Apply · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Mar 13, 2026, 10:47 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill's instructions match its stated purpose (automating Greenhouse applications) but it implicitly requires access to your filesystem and email/Gmail without declaring credentials or limits — that mismatch and the broad browser JS evaluation steps merit caution.
Guidance
Before installing or running this skill, consider: (1) It will need access to a local resume file and to your email to read verification codes — confirm how the agent will authenticate to your mailbox (OAuth, manual copy-paste, browser session) and prefer the least-privilege approach (e.g., paste codes manually or use a temporary mailbox). (2) Browser 'evaluate' steps run JavaScript in the page context and could read or send page data if the automation tool or agent is not strictly sandboxed — only run this skill in a trusted environment and know where snapshots/logs are stored. (3) Because the skill source is unknown and there is no declared credential handling, test it with non-sensitive accounts (or mock data) first and avoid granting broad mailbox access. If you need this functionality, ask the publisher how email access is done and request explicit credential/config declarations (OAuth scopes, path access) before use.

Review Dimensions

Purpose & Capability
Note: The SKILL.md describes exactly the Greenhouse form automation tasks (filling fields, React Selects, phone country widget, upload resume, verification codes). Those capabilities are coherent with the skill name/description. However, the instructions expect access to a local resume file and to the user's email/Gmail to retrieve verification codes while the skill metadata declares no required credentials or config paths, creating an inconsistency between claimed requirements and runtime needs.
Instruction Scope
Concern: Runtime instructions explicitly require: (1) a browser automation tool (OpenClaw browser or Chrome extension), (2) a resume PDF accessible on the filesystem, and (3) Gmail/email access to read verification codes. The SKILL.md also directs using JS evaluate calls in the page context rather than typed input. JS-evaluate in a page context can read page DOM and run arbitrary JS; combined with an automated browser this could read or transmit more data than just the verification code if not otherwise constrained. The instructions do not limit or describe how email access is performed or constrained, so the agent may need broad mailbox access to retrieve codes.
Install Mechanism
OK: This is instruction-only with no install spec and no code files — lowest install risk. Nothing is downloaded or installed by the skill itself.
Credentials
Concern: The skill requests (in prose) access to sensitive resources — local resume file and email/Gmail — but the declared metadata lists no required environment variables, credentials, or config paths. That omission is important: the skill will need some way to access your email and filesystem, but it does not declare what secrets or permissions it expects. Asking for mailbox access and local files is proportionate to the task only if the user explicitly consents and the mechanism is limited; this skill gives no guidance or constraints.
Persistence & Privilege
OK: The skill's "always" flag is false, and there is no install/daemon or persistent privilege requested. The skill does not request permanent presence or modify other skills or system-wide settings.