ClawHub

Jobautopilot Bundle

v1.3.2

Installs the full Job Autopilot pipeline — search jobs, tailor resumes, and submit applications. Convenience bundle that installs jobautopilot-search, jobaut...

0· 171·0 current·0 all-time
by@jerronl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
stale
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actual artifacts: this is a bundle installer that installs jobautopilot-search, -tailor, and -submitter and wires local workspace files. Required runtime (python3) and included scripts are appropriate for a resume/docx conversion and local setup task. No extraneous cloud credentials, tools, or unrelated binaries are requested.
Instruction Scope
Runtime instructions and the two scripts operate locally: they prompt interactively, write a local config (~/.openclaw/users/<you>/config.sh), copy local files, and ask you to create browser profiles. The scripts claim no network calls except 'openclaw skills install' and browser navigation initiated by explicit user actions. This matches the SKILL.md, but note that the setup flow collects PII (name, email, phone, EEOC fields) and writes them into a shell file that will be sourced by the agent.
Install Mechanism
This is instruction-only (no external download/extract in the skill itself). The provided install.sh delegates to 'openclaw skills install' for sub-skills; no arbitrary remote URL downloads or archive extraction in these scripts. That is proportionate for a bundle installer.
Credentials
The skill requests no environment variables or external credentials, which is appropriate. It does write PII and EEOC fields to a local shell config file and sets file permissions (chmod 600). The setup script sanitizes inputs by removing certain metacharacters (` $ \ " ;), which reduces injection risk, but the sanitization is ad hoc (e.g., it does not explicitly normalize or escape all edge cases such as unexpected newlines or other sequences) — review the generated config.sh before sourcing it or let the agent read it only after you verify it.
Persistence & Privilege
The skill does not request permanent/autonomous presence flags (always:false) and only writes its own config/workspace files under ~/.openclaw. It does not modify other skills' configs or request system-wide privileges beyond creating files in the user's home directory.
Assessment
This bundle appears to do what it claims: install three jobautopilot sub-skills and create local workspace/config files. Before installing/running: 1) Inspect setup.sh and the generated ~/.openclaw/users/<you>/config.sh (the script prints the path and sets chmod 600) and confirm the values are correct; never run scripts you don't inspect if they will be sourced. 2) Note small inconsistencies in the package (the SKILL.md top version differs slightly from registry metadata, and setup.sh refers to 'clawhub' in messages while other places use 'openclaw'); confirm you are using the correct OpenClaw CLI commands for your environment. 3) The setup collects PII and EEOC data — ensure you are comfortable storing that locally and verify permissions after creation. 4) Browser automation will navigate job sites when you ask it to; it claims not to store passwords but may use your browser-saved credentials — avoid storing sensitive credentials if you don't want them used. 5) If you have low tolerance for risk, run the setup in a disposable/isolated account or VM first, and verify sub-skill code after 'openclaw skills install'.

Like a lobster shell, security has layers — review code before you run it.

latestvk974pnnffrmmns1fkn00wfp3bx8446ct

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binspython3

Comments