Job Search MCP (JobSpy)

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: job-search-mcp-jobspy
Version: 1.0.3

The skill bundle appears benign. The `SKILL.md` provides standard instructions for setting up a Python virtual environment and installing common, relevant dependencies (`mcp`, `python-jobspy`, `pandas`, `pydantic`) to interact with a stated 'JobSpy MCP server'. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the agent with harmful intent. All instructions align with the stated purpose of a job search skill.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing unpinned dependencies can pull newer package versions than expected, which may change behavior or introduce dependency risk.

Why it was flagged

The setup instructions install unpinned packages from the Python package ecosystem. This is purpose-aligned for a Python/MCP-based job search skill, but package versions and provenance are not fixed in the artifact.

Skill content

pip install mcp python-jobspy pandas pydantic

Recommendation

Use a virtual environment as instructed, consider pinning package versions, and install from trusted package sources.

What this means

Search terms such as job title, location, company, and salary preferences may be sent through the configured MCP server and onward to job-listing sources.

Why it was flagged

The skill relies on an MCP server to perform job searches. This is aligned with the stated purpose, but the artifact does not specify the server configuration, trust boundary, or data-handling details.

Skill content

using the JobSpy MCP server

Recommendation

Configure only a trusted JobSpy MCP server and avoid sending sensitive personal information unless you understand how the server and job-board integrations handle it.