Careermax
ReviewAudited by ClawScan on May 1, 2026.
Overview
Careermax appears purpose-aligned for job-search assistance, but it uses your Careermax API key and an external npx MCP toolkit to access and update career-related account data.
This skill is coherent for Careermax job-search workflows. Before installing, make sure you trust the Careermax npx toolkit, protect the CAREERMAX_API_KEY, and review confirmations before allowing any account changes or credit-consuming AI actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill should treat the API key like a password for their Careermax account data and actions.
The skill requires a Careermax API key as its primary credential, which is expected for accessing a Careermax account but still grants delegated account access.
requires:\n env:\n - CAREERMAX_API_KEY\n primaryEnv: CAREERMAX_API_KEY
Use a Careermax API key with the minimum permissions available, keep it out of shared logs or prompts, and revoke it if you stop using the skill.
The assistant can help change job-application records, so an accidental confirmation could alter account data.
The skill can modify Careermax job-tracking data, but the artifact says write operations use a preview/confirm flow.
jobs_add — Add a new job (preview/confirm)\njobs_update — Update status, notes, or other fields (preview/confirm)
Review previews carefully before confirming job updates or other write operations.
The code actually run by npx comes from the external package source, not from files included in this artifact.
The skill relies on an external npm package invoked through npx, and the usage example does not pin a package version.
npx @careermax/agent-toolkit mcp
Install only if you trust the Careermax package source, and consider pinning or verifying the package version in controlled environments.
Sensitive career information may be sent to and processed by Careermax services as part of normal use.
The skill discloses that resume, job, interview, referral, and learning-plan workflows are processed by Careermax's backend rather than remaining only in the local chat.
All AI processing happens server-side on the same backend as the Careermax web app.
Use the skill only for data you are comfortable storing or processing in Careermax, and review Careermax's privacy and retention settings if relevant.