Security checks across malware telemetry and agentic risk
This is a disclosed Job Autopilot bundle that installs related skills and stores job-application details locally, with privacy-sensitive behavior users should understand before use.
Install only if you are comfortable storing your name, contact details, resume paths, and EEOC answers locally in a shell config file. Review the generated config, keep its owner-only permissions, avoid saving unnecessary credentials in the apply browser profile, and give submission commands only when you are ready for information to be entered on external job sites.
- **No outbound network calls from scripts**: `install.sh` and `setup.sh` operate locally only. The only network operations are `openclaw skills install` (downloading these skills) and browser navigation you explicitly request. - **No password handling**: This skill does not read, store, or transmit any passwords. Login flows rely on your browser's own credential store. - **Browser profiles**: Setup instructs you to manually create two isolated profiles (`search`, `apply`) using `openclaw browser profile create`. No browser profiles are created automatically by any script. You can inspect or delete them at any time. - **Personal data**: Written only to `~/.openclaw/users/<you>/config.sh`. Setup automatically restricts this file to owner-only access (`chmod 600`). Read `setup.sh` in full before running to verify this. - **Helper scripts**: All scripts in `scripts/` are plain shell, Python, and JavaScript with no obfuscation, no encoded payloads, no remote fetches at runtime. - **EEOC fields**: Standard fields required by US job application forms (Equal Employment Opportunity Commission). Values are stored locally in your config and supplied only to forms you explicitly instruct the agent to fill. They are never logged or transmitted elsewhere.
VirusTotal engine telemetry is currently stale for this artifact.
