Openjobs Jobs Search
ReviewAudited by ClawScan on May 10, 2026.
Overview
The job-search function is coherent, but the setup instructions tell the agent to print the API key, which could expose the secret in logs or chat history.
Install only if you trust OpenJobs AI and are comfortable sending job-search filters to its API. Set `MIRA_KEY` securely outside the chat, avoid any command that prints the key, and rotate the key if it has already appeared in logs or conversation history.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your job-search criteria and authenticated API requests are sent to OpenJobs AI.
The skill uses shell-based curl commands to send job-search filters to the OpenJobs AI API. This is expected for the stated purpose, but it is still external network/API use.
curl -X POST "https://mira-api.openjobs-ai.com/v1/job-fast-search" ... -H "Authorization: Bearer $MIRA_KEY"
Use only search terms you are comfortable sharing with OpenJobs AI, and verify that the API endpoint and key source are legitimate.
Anyone with access to the transcript or tool logs could see and misuse the API key if it is echoed.
This prints the full API key value instead of merely checking whether it exists, which can expose the credential in terminal output, agent context, or logs.
Check the `MIRA_KEY` environment variable: `echo $MIRA_KEY`
Do not run `echo $MIRA_KEY`. Use a non-printing existence check such as `test -n "$MIRA_KEY"` or configure the key through the platform’s secret manager; rotate the key if it was printed.