Job Hunter

This skill appears to implement a legitimate job-search assistant, but note these concerns before installing or running it: - The search script conditionally uses a BRAVE_API_KEY environment variable to call the Brave Search API, but the skill metadata does not declare this requirement. If you provide a Brave API key, the script will send queries and receive results from api.search.brave.com. - If you are security-conscious, do not place sensitive credentials (cloud credentials, company tokens, or personal API keys unrelated to Brave) in the same environment where this skill runs. Treat BRAVE_API_KEY like a secret: only provide it if you understand and trust the endpoint. - Consider running the included scripts manually in a sandboxed environment first (with a dummy BRAVE_API_KEY or without it) to inspect the network traffic and outputs. The skill will fall back to producing search queries for manual use if no BRAVE_API_KEY is present. - Ask the skill author to update the manifest to declare required env vars (BRAVE_API_KEY) and to document where network requests go and what data is transmitted. Also request explicit documentation about what the skill will send to external services and whether any logs or outputs could contain user profile data. - If you want to be extra cautious, disable autonomous invocation for this skill (or restrict when it can run) and only invoke it manually after reviewing inputs/outputs.