Jobclaw Recruit
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an untrusted or mistaken apiUrl is supplied, job details and the recruiter's bearer token could be sent to an unintended server.
A top-level apiUrl value in the input JSON controls the API base URL used for the authenticated publish/update/delete/match actions. This override is not disclosed in SKILL.md and can redirect tool traffic, including the bearer token, away from the intended JobClaw API.
api_url = data.pop("apiUrl", DEFAULT_API)
...
client = AuthenticatedClient(api_url, "RECRUITER")
Remove the apiUrl override for normal users, or strictly allowlist the official JobClaw HTTPS host and clearly document any testing-only override.
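The allowlist the recommendation asks for, written out as an added example; this is not code from the skill or from ClawScan. The quoted pop() is kept beside it as the unsafe form. The placeholder host, DEFAULT_API and ALLOWED_HOSTS are assumptions for the example, not the real JobClaw endpoint.

```python
# Added example (not the skill's own code): allowlisting the API base URL.
# The host names below are placeholders; substitute the official JobClaw host.
from urllib.parse import urlsplit

DEFAULT_API = "https://api.jobclaw.example"          # placeholder, not the real host
ALLOWED_HOSTS = frozenset({"api.jobclaw.example"})   # testing-only override targets


class ApiUrlRejected(ValueError):
    """The supplied apiUrl is not an allowlisted HTTPS endpoint."""


def resolve_api_url_unsafe(data: dict) -> str:
    """Behaviour quoted in the finding: whatever apiUrl the input carries wins."""
    return data.pop("apiUrl", DEFAULT_API)


def resolve_api_url(data: dict, allow_override: bool = False,
                    allowed_hosts=ALLOWED_HOSTS) -> str:
    """Hardened variant.

    For normal users (allow_override=False) the apiUrl key is removed from the
    input and ignored. When the documented testing-only override is enabled,
    the value must be https, carry no userinfo, and point at an allowlisted
    host; anything else raises instead of silently falling back, so a typo or
    a hostile value is surfaced rather than sending the token elsewhere.
    """
    raw = data.pop("apiUrl", None)
    if raw is None or not allow_override:
        return DEFAULT_API
    parts = urlsplit(raw)
    if parts.scheme != "https":
        raise ApiUrlRejected(f"apiUrl must use https, got {raw!r}")
    if parts.username is not None or parts.password is not None:
        raise ApiUrlRejected("apiUrl must not embed credentials")
    if parts.hostname not in allowed_hosts:
        raise ApiUrlRejected(f"apiUrl host {parts.hostname!r} is not allowlisted")
    # Keep scheme, host[:port] and path only: query and fragment must not ride
    # along into every request the client builds on this base URL.
    return f"https://{parts.netloc}{parts.path.rstrip('/')}"
```

Rejecting rather than falling back to DEFAULT_API when the override is enabled is deliberate: a silently corrected URL hides the very misconfiguration the finding is about. A value such as https://api.jobclaw.example@evil.example/ is caught by the userinfo check before the host is even compared.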
Anyone who obtains the token may be able to manage the recruiter’s posted jobs or view matched candidate information for that account.
The recruiter bearer token is inserted into the command result and printed to stdout for publish/update/delete/matches, so it can enter the agent transcript or logs even though users only need the job ID and results.
result["token"] = client.token_manager.get_token()
...
print(json.dumps(result, ensure_ascii=False, indent=2))
Do not print bearer tokens in normal results. Return only needed job/match data, store tokens with restricted permissions, and provide a clear logout/token-clear command.
The skill retains access to the recruiter account between runs until the .token file is removed or the token is invalidated.
The skill creates and stores a recruiter authentication token locally. This is purpose-aligned, but it is persistent credential material.
TOKEN_FILE = os.path.join(os.path.dirname(os.path.abspath(__file__)), ".token")
...
with open(TOKEN_FILE, 'w') as f:
    f.write(new_token)
Users should install only if they trust the JobClaw service and should remove the .token file when they no longer want the skill to retain account access.
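The token handling recommended above (no bearer token in printed results, owner-only storage, an explicit clear/logout), as one added example covering both the stdout finding and the persistent-token finding. It is not the skill's code or ClawScan's; the file name follows the quoted TOKEN_FILE, and the token value and result shape are constructed for the example.

```python
# Added example (not the skill's own code): owner-only token storage, an
# explicit clear/logout, and redaction of secrets before a result is printed.
# The token value and the sample result are constructed; nothing here talks
# to JobClaw.
import json
import os
import stat
import tempfile
from typing import Optional

SECRET_KEY_MARKERS = ("token", "secret", "password", "authorization")


def save_token(path: str, token: str) -> None:
    """Persist the token readable by the owner only, via an atomic rename.

    mkstemp creates the temporary file with mode 0600, so the token is never
    on disk with a wider mode, even briefly; os.replace keeps that mode.
    """
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)),
                               prefix=".token.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(token)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def load_token(path: str) -> Optional[str]:
    """Read the stored token, refusing a file that other users can access."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users; fix its mode or delete it")
    with open(path, encoding="utf-8") as f:
        return f.read().strip()


def clear_token(path: str) -> bool:
    """The logout/token-clear command. Returns True if a token file was removed."""
    try:
        os.unlink(path)
    except FileNotFoundError:
        return False
    return True


def redact(obj):
    """Drop secret-bearing keys anywhere in a nested result before output."""
    if isinstance(obj, dict):
        return {k: redact(v) for k, v in obj.items()
                if not any(m in str(k).lower() for m in SECRET_KEY_MARKERS)}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def render_result(result: dict) -> str:
    """Drop-in for print(json.dumps(result, ...)) that never echoes the token."""
    return json.dumps(redact(result), ensure_ascii=False, indent=2)


def demo(work_dir: Optional[str] = None) -> dict:
    """Round trip on a constructed token and result; returns what was observed."""
    work_dir = work_dir or tempfile.mkdtemp()
    path = os.path.join(work_dir, ".token")
    save_token(path, "constructed-example-token")       # constructed, not a real token
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "owner_only": os.name != "posix" or mode == 0o600,
        "loaded": load_token(path),
        "cleared": clear_token(path),
        "after_clear": load_token(path),
        "rendered": render_result({                       # constructed sample result
            "job_id": "job-0001",
            "token": "constructed-example-token",
            "matches": [{"name": "Candidate A", "score": 0.91, "access_token": "x"}],
        }),
    }
```

The redaction removes keys rather than masking them, matching the recommendation to return only the job and match data the user needs; load_token refusing a group- or world-readable file turns a permissions slip into a visible error instead of a silent disclosure.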
Candidate names, resumes, skills, and experience may be shown to the agent and included in conversation history.
Viewing matches can return candidate personal/profile data. This is aligned with the recruiting purpose, but it is sensitive account-mediated data.
Each match includes:
- Candidate details (name, resume, skills, experience, etc.)
- Similarity score
Review candidate data only when needed, avoid sharing transcripts containing candidate details, and confirm the service’s privacy expectations before use.
