Jobclaw Recruit
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its recruiting purpose, but it exposes and persists account tokens and allows the API destination to be changed in a way that could redirect credentials or job data.
Use this skill only if you trust JobClaw and are comfortable with the agent posting jobs and viewing matched candidate details. Before installing, ask the publisher to remove or lock down the apiUrl override, stop printing tokens, and document how to clear the saved .token file.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an untrusted or mistaken apiUrl is included, job details and authentication use could be sent to an unintended server.
A top-level apiUrl value from the input JSON can control the API base URL for authenticated publish/update/delete/match actions. This is not disclosed in SKILL.md and can redirect tool traffic away from the intended JobClaw API.
api_url = data.pop("apiUrl", DEFAULT_API)
...
client = AuthenticatedClient(api_url, "RECRUITER")
Remove the apiUrl override for normal users, or strictly allowlist the official JobClaw HTTPS host and clearly document any testing-only override.
Anyone who obtains the token may be able to manage the recruiter’s posted jobs or view matched candidate information for that account.
The recruiter bearer token is inserted into the command result and printed to stdout for publish/update/delete/matches, so it can enter the agent transcript or logs even though users only need the job ID and results.
result["token"] = client.token_manager.get_token()
...
print(json.dumps(result, ensure_ascii=False, indent=2))
Do not print bearer tokens in normal results. Return only needed job/match data, store tokens with restricted permissions, and provide a clear logout/token-clear command.
The skill will keep access to the recruiter account between runs until the token file is removed or invalidated.
The skill creates and stores a recruiter authentication token locally. This is purpose-aligned, but it is persistent credential material.
TOKEN_FILE = os.path.join(os.path.dirname(os.path.abspath(__file__)), ".token")
...
with open(TOKEN_FILE, 'w') as f:
    f.write(new_token)
Users should install only if they trust the JobClaw service and should remove the .token file when they no longer want the skill to retain account access.
Candidate names, resumes, skills, and experience may be shown to the agent and included in conversation history.
Viewing matches can return candidate personal/profile data. This is aligned with the recruiting purpose, but it is sensitive account-mediated data.
Each match includes:
- Candidate details (name, resume, skills, experience, etc.)
- Similarity score
Review candidate data only when needed, avoid sharing transcripts containing candidate details, and confirm the service’s privacy expectations before use.
