Indeed Monitor
v1.0.0Monitor Indeed job postings for businesses hiring receptionists, customer service reps, or front desk staff in target areas. Each posting = a confirmed Graci...
⭐ 0· 190·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Indeed scraping for receptionist/front-desk leads) aligns with the provided Python scripts: both monitor.py and monitor_browser.py implement scraping and lead scoring. However the skill does not declare required binaries or config even though it clearly depends on other local tools (openclaw CLI, node, a local 'scrapling' script, python3). The absolute paths embedded (e.g., /Users/wlc-studio/... and /opt/homebrew/...) indicate the package is tailored to a specific environment — reasonable for an internal tool but surprising for a general-purpose published skill.
Instruction Scope
SKILL.md instructs running the included Python scripts and references local environment setup (sourcing a virtualenv, enabling Chrome relay). The code runs subprocesses that execute other local scripts/CLIs (SCRAPLING_SCRIPT, openclaw, node). The scripts also write to an absolute MASTER_LEAD_LIST.md path when run with --save. There are no instructions or safeguards around what those called tools do; the agent will execute arbitrary local code via subprocess.run, which expands the runtime scope beyond simple HTTP scraping.
Install Mechanism
No install spec is provided (instruction-only install), which minimizes supply-chain download risk. However the code requires local binaries and modules (openclaw CLI, node, and a local scrapling script) that are not declared. Because the skill relies on pre-existing local tools (including a specific local scrape.py path), the absence of explicit dependency declarations is an incoherence and a deployment risk.
Credentials
The skill declares no required environment variables or credentials, which is consistent with scraping Indeed. But it reads/writes absolute local paths (notably SCRAPLING_SCRIPT and LEADS_FILE). Writing to /Users/wlc-studio/.../MASTER_LEAD_LIST.md could modify sensitive internal files. Also executing an absolute SCRAPLING_SCRIPT path means the skill will run whatever code is at that location — this is a privilege/effect that should be explicitly declared and audited.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable; it does not request to persist as a platform-wide skill. It only writes to its own specified lead file when --save is supplied and does not modify other skills or global agent configuration.
What to consider before installing
This skill appears to do what it says (scrape Indeed and produce leads), but be cautious before running it: 1) Inspect the external scripts it calls — especially the SCRAPLING_SCRIPT at /Users/wlc-studio/.../scrapling/scrape.py and any openclaw/node modules — because the skill uses subprocess.run to execute them (they can run arbitrary code). 2) Understand that --save appends to a hard-coded MASTER_LEAD_LIST.md path; if that file is important, back it up or run without --save first. 3) Ensure the openclaw CLI and Node module paths referenced are ones you trust (they run with your account privileges). 4) If you don't control the referenced local scripts or the environment they run in, run this inside a sandbox or container, or replace calls to unknown scripts with vetted equivalents. 5) It would be safer if the skill declared required binaries/dependencies and avoided absolute user-specific paths; ask the author for a version that documents dependencies and uses relative or configurable paths before trusting it on a production machine.Like a lobster shell, security has layers — review code before you run it.
latestvk976pb5cmp00dzqq1trzb1jt5982azht
License
MIT-0
Free to use, modify, and redistribute. No attribution required.