ClawHub

Jobautopilot Submitter

v1.3.2

Automatically fills and submits job applications. Opens the application page, fills multi-step forms (work history, education, EEOC, dropdowns), uploads your...

0· 150·0 current·0 all-time
by@jerronl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
stale
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Requested binaries (openclaw, python3), python-docx, and environment variables (name, email, phone, LinkedIn, RESUME_DIR, TRACKER_PATH) all align with the stated purpose of filling forms and uploading resumes. The included scripts (DOM query, shell fill template, fuzzy-match helpers) match browser automation/form-filling functionality.
Instruction Scope
SKILL.md and scripts largely stay within form-filling scope: the JS is a read-only DOM query and shell templates run openclaw CLI commands. Two notes: (1) SKILL.md references reading .docx resumes via python-docx, but no python extraction script is present in the files — confirm how/where resume parsing is performed at runtime. (2) The skill writes ephemeral scripts to /tmp and reads files from RESUME_DIR and TRACKER_PATH; those filesystem accesses are expected but worth auditing (ensure paths point only to intended files).
Install Mechanism
No install spec (instruction-only) and only three small local scripts are bundled. This is low-risk from installation perspective — no remote downloads or archive extraction.
Credentials
Requested environment variables are appropriate for form-filling (personal info, resume directory, tracker path). They do grant access to local files/paths (RESUME_DIR, TRACKER_PATH) — this is expected but gives the skill access to those files. There are no unrelated secret keys or cloud credentials requested.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system modifications. The SKILL.md explicitly states it does not leave background processes running. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears to do what it says: browser-driven form-filling using the openclaw CLI and local scripts. Before installing, (1) review the included scripts (check_required_fields.js, fill_template.sh, match_variant_options.sh) yourself to confirm they match your expectations; (2) verify where and how .docx resume parsing will run (SKILL.md mentions python-docx but there is no python script bundled); (3) ensure RESUME_DIR and TRACKER_PATH environment variables point only to directories/files you want the agent to access; (4) be aware the browser will navigate to job sites you instruct it to — if those sites require logins the browser's saved credential autofill may be used (the skill claims it does not read passwords itself); and (5) avoid supplying unrelated or high-privilege credentials. If any of these points are unclear, ask the maintainer for a runtime walkthrough or for the missing resume-parsing code before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dz2y5rpa6g0xwdh13kgr01h845qts

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binspython3, openclaw
EnvOPENCLAW_USER, OPENCLAW_PROFILE, USER_FIRST_NAME, USER_LAST_NAME, USER_EMAIL, USER_PHONE, USER_LINKEDIN, RESUME_DIR, TRACKER_PATH

Comments