Job Search MCP (JobSpy)
v1.0.3Search and compare job listings across multiple boards using JobSpy MCP, with filters for criteria, location, salary, remote options, and easy apply roles.
⭐ 2· 2.3k·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a job-search capability using a 'JobSpy MCP' server and Python packages (mcp, python-jobspy). That generally aligns with the name, but the package registry metadata has no description, no source/homepage, and the skill gives no concrete details about how to connect to the JobSpy server (URL, auth, API key). The lack of publisher/source makes it hard to verify the claimed capability.
Instruction Scope
Runtime instructions tell the agent (and user) to create a venv and pip install mcp, python-jobspy, pandas, pydantic. There are no further runtime instructions in the SKILL.md about how the agent should authenticate to the JobSpy MCP server or where credentials/config live. The instructions thus require installing and running third-party code but leave out critical configuration and security details.
Install Mechanism
There is no formal install spec, but the SKILL.md advises pip install of packages with no pinned versions or provenance. Installing unvetted PyPI packages can execute arbitrary code; because the skill's package names and publisher are unknown and no homepage/source is provided, this is a meaningful risk.
Credentials
The skill declares no required environment variables or credentials, yet it depends on a separate JobSpy MCP server being 'installed and configured'. The mismatch (no declared env or auth guidance) is concerning: the agent or user will likely need to provide a server URL, credentials, or API token that are not described, leaving ambiguity about where secrets would be stored or how they'd be used.
Persistence & Privilege
The skill does not request always:true and has no special OS restrictions or config paths. Autonomous invocation is enabled by default (disable-model-invocation: false) but that is the platform default and not a unique concern here.
What to consider before installing
This skill may do what it claims, but important information is missing and it asks you to install third‑party Python packages from unknown sources. Before installing or using it: 1) Ask the publisher for a homepage, source repository, and package authorship; 2) Request explicit instructions for connecting to the JobSpy MCP server (endpoint URL, required auth, where credentials are stored); 3) Prefer pinned package versions and review the packages' source code or PyPI pages; 4) Test installation in an isolated environment (container or disposable VM) rather than your primary machine; and 5) if you can't verify the packages or server origin, do not install — the pip packages could run arbitrary code.Like a lobster shell, security has layers — review code before you run it.
jobs careers search mcp jobspyvk976kymfbg6g1zqy8drabqavk180dfaxlatestvk976kymfbg6g1zqy8drabqavk180dfax
License
MIT-0
Free to use, modify, and redistribute. No attribution required.