ClawHub

Openjobs Ai Talent Search

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent OpenJobs AI scholar-search skill, but its setup instructions could expose the required API key by printing it or having the user paste it into chat.

Before installing, be prepared to configure MIRA_KEY securely yourself. Do not let the assistant print the key with `echo $MIRA_KEY` or paste the key into chat; use a secret manager or environment configuration instead. Expect scholar search criteria to be sent to OpenJobs AI.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI03: Identity and Privilege Abuse
Medium
What this means

Your OpenJobs AI API key could be revealed outside a secure secret store, allowing unintended use of your account if logs or transcripts are accessible.

Why it was flagged

The API key is expected for this service, but printing it with `echo` or asking the user to paste it into the interaction can expose the credential in model context, terminal history, or logs.

Skill content
Check the `MIRA_KEY` environment variable: `echo $MIRA_KEY` ... ask them to provide it, then set it as an environment variable
Recommendation

Set MIRA_KEY yourself using a secure environment or secret manager, do not paste the key into chat, and check for its presence without printing the value.

#ASI02: Tool Misuse and Exploitation
Low
What this means

Scholar search filters you provide are sent to OpenJobs AI, and requests are authenticated with your API key.

Why it was flagged

The skill directs the agent to make shell-based network requests to the OpenJobs AI API. This is central to the skill's purpose, but users should notice that their queries and API key are used with an external service.

Skill content
curl -X POST "https://mira-api.openjobs-ai.com/v1/..." -H "Authorization: Bearer $MIRA_KEY"
Recommendation

Use the skill only for intended OpenJobs AI searches and avoid submitting sensitive private information in search filters unless you are comfortable sending it to that provider.