Skill v1.0.0

ClawScan security

Job Auto Apply · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 27, 2026, 2:06 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (automatically search and apply across multiple job sites) broadly matches the included files, but there are notable inconsistencies and missing or underspecified pieces: the API endpoint in the code does not match the one in the docs, the docs lean heavily on scraping, captcha bypass and proxies, and the main search/apply logic is a placeholder. Review the package before installing it or granting it credentials.
Guidance
Things to check before installing or using this skill:
- Verify the external API: the code calls https://api.heybossai.com/v1 but the docs mention SkillBoss and other endpoints (api.skillboss.com). Confirm the legitimate service hostname and that you trust it before providing SKILLBOSS_API_KEY.
- Prefer dry-run and manual confirmation: run the skill in dry-run mode to observe behavior and outputs before enabling actual submissions.
- Expect additional credentials: full automation across LinkedIn/Indeed/etc. will require OAuth tokens, API keys, or account logins and possibly captcha/proxy service credentials. Do not supply those unless you understand the exact flows and have isolated the environment.
- Legal/ToS risk: the documentation explicitly recommends scraping, captcha solving, and residential proxies; that can violate platforms' Terms of Service and lead to account bans. Consider manual confirmation and limit automation.
- Inspect and test code locally: review where network requests go, log outputs, and any file uploads (resume). Ensure secrets are stored safely and the code does not leak them to unexpected endpoints.
- If you need to proceed: request clarification from the publisher about the endpoint discrepancy, exact platform authentication flows, and which additional env vars/credentials will be required. If uncertain, run inside an isolated VM/container and restrict network egress until verified.
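The "inspect and test code locally" step above can be made mechanical. The script below is an added example for this review, not ClawScan's scanner and not the skill's own code: it walks a skill directory, collects every hostname referenced in code and docs and every environment variable the Python code reads, and compares them with the hostnames you have decided to trust and the env vars the manifest declares. The sample package it builds is constructed to mirror the report's findings (api.heybossai.com in code, api.skillboss.com in docs, a single declared SKILLBOSS_API_KEY); its file names and contents are assumptions, and the extra CAPTCHA_API_KEY read is there only to exercise the undeclared-secret check, not a claim about the real package.

```python
"""Static triage helper for a skill package (added example, not ClawScan's code)."""
import re
import tempfile
from pathlib import Path

# Hostname of every http(s) URL literal in code or docs.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# Matches os.environ['X'], os.environ.get('X') and os.getenv('X').
ENV_RE = re.compile(
    r"os\.environ(?:\.get)?\s*[\[(]\s*['\"]([A-Z0-9_]+)['\"]"
    r"|os\.getenv\(\s*['\"]([A-Z0-9_]+)['\"]"
)
CODE_SUFFIXES = {".py"}
DOC_SUFFIXES = {".md", ".txt", ".json", ".yaml", ".yml"}
ALL_SUFFIXES = CODE_SUFFIXES | DOC_SUFFIXES


def scan_skill(root, trusted_hosts, declared_env):
    """Return hosts and env vars found, plus the mismatches a reviewer cares about."""
    root = Path(root)
    hosts = {}     # hostname -> set of files mentioning it
    env_vars = {}  # env var  -> set of code files reading it
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in ALL_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        for host in URL_RE.findall(text):
            hosts.setdefault(host.lower(), set()).add(rel)
        if path.suffix in CODE_SUFFIXES:  # docs mentioning a var name are not reads
            for m in ENV_RE.finditer(text):
                env_vars.setdefault(m.group(1) or m.group(2), set()).add(rel)

    def in_code(files):
        return any(Path(f).suffix in CODE_SUFFIXES for f in files)

    def in_docs(files):
        return any(Path(f).suffix in DOC_SUFFIXES for f in files)

    return {
        "hosts": hosts,
        "env_vars": env_vars,
        # Network destinations you have not explicitly decided to trust.
        "untrusted_hosts": sorted(h for h in hosts if h not in trusted_hosts),
        # Secrets the code reads but the manifest never asks for.
        "undeclared_env": sorted(v for v in env_vars if v not in declared_env),
        # Endpoint discrepancy: code talks to one host, docs describe another.
        "code_only_hosts": sorted(h for h, f in hosts.items() if in_code(f) and not in_docs(f)),
        "docs_only_hosts": sorted(h for h, f in hosts.items() if in_docs(f) and not in_code(f)),
    }


# Constructed sample package; file names and contents are assumptions.
SAMPLE_FILES = {
    "SKILL.md": "Requires SKILLBOSS_API_KEY. Analysis is done by the SkillBoss API.\n",
    "docs/platform_integration.md": (
        "Example: POST https://api.skillboss.com/v1/analyze with your key.\n"
        "Use Selenium/Playwright, residential proxies and 2Captcha for submissions.\n"
    ),
    "job_auto_apply.py": (
        "import os\n"
        "import requests\n"
        "API_KEY = os.environ['SKILLBOSS_API_KEY']\n"
        "BASE_URL = 'https://api.heybossai.com/v1'\n"
        "def search_jobs(query):\n"
        "    return []  # placeholder, as the report notes\n"
    ),
    # Constructed only to exercise the undeclared-secret check.
    "captcha.py": "import os\nCAPTCHA_KEY = os.getenv('CAPTCHA_API_KEY')\n",
}


def build_sample_skill():
    """Write the constructed sample package to a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="skill-triage-"))
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return root


def triage_sample():
    """Scan the sample, trusting only the documented host and the one declared secret."""
    return scan_skill(build_sample_skill(),
                      trusted_hosts={"api.skillboss.com"},
                      declared_env={"SKILLBOSS_API_KEY"})


if __name__ == "__main__":
    report = triage_sample()
    for key in ("untrusted_hosts", "undeclared_env", "code_only_hosts", "docs_only_hosts"):
        print(f"{key}: {report[key]}")
```

Run it against the unpacked skill directory instead of the sample, with trusted_hosts set to the hostname the publisher confirms and declared_env taken from requires.env. A non-empty untrusted_hosts or undeclared_env list is exactly the question to put back to the publisher before any key is supplied; it is a static string scan, so dynamically built URLs or secrets read through other means still need the dry run with egress blocked.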

Review Dimensions

Purpose & Capability
note: Name/description match the files: the package is an auto-apply job tool that uses an external 'SkillBoss' API for analysis/cover letters. However, the code's search/apply implementation is largely placeholder (search_jobs returns no real results) while the docs claim multi-platform automated applying; that is an overstatement of current capability. Also, README/SKILL.md reference 'SkillBoss' while the code posts to api.heybossai.com and the platform_integration examples reference api.skillboss.com, which are inconsistent endpoints.
Instruction Scope
concern: SKILL.md tells the agent to use SKILLBOSS_API_KEY, load a profile, and run the script; the platform_integration doc instructs use of Selenium/Playwright, residential proxies, and third-party captcha services (2Captcha/Anti-Captcha). Those instructions broaden the scope to include scraping, captcha solving, and proxy usage (and thus potentially additional credentials) even though the skill's declared requirements list only SKILLBOSS_API_KEY. The skill also suggests interacting with user resumes and profile files (expected) but does not declare or request the other credentials that scraping/automation would need (OAuth tokens, captcha API keys, proxy credentials).
Install Mechanism
ok: No install spec is provided (instruction-only plus code files). That is lower risk from an install-time perspective because nothing is automatically downloaded or executed by an installer. The code itself will be run by the user/agent if invoked.
Credentials
concern: The skill declares a single required env var (SKILLBOSS_API_KEY), which aligns with the code's top-level access to os.environ['SKILLBOSS_API_KEY']. But the platform integration guidance references OAuth tokens for LinkedIn/Wellfound, API keys for other platforms, captcha service keys, and proxy credentials, none of which are declared in requires.env. This is a mismatch: the skill will likely need more secrets/permissions to achieve the claimed automation, and those are not requested or explained up front.
Persistence & Privilege
ok: The skill is not marked always:true, does not request to modify other skills, and has no install-time persistence mechanism. It will run only when invoked and does not appear to request permanent platform privileges in its metadata.