ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

boss-job

v1.2.0

通过 OpenCLI 远程操作 BOSS直聘,支持职位搜索、职位详情查看、打招呼、聊天记录管理及消息发送,需Chrome登录状态。

1· 97·1 current·1 all-time
by@spyqwer1

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for spyqwer1/boss-job.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "boss-job" (spyqwer1/boss-job) from ClawHub.
Skill page: https://clawhub.ai/spyqwer1/boss-job
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install boss-job

ClawHub CLI

Package manager switcher

npx clawhub@latest install boss-job
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: it automates BOSS直聘 actions via OpenCLI and a Chrome login session. Requiring OpenCLI and a browser login is coherent with the stated purpose.
!
Instruction Scope
The SKILL.md explicitly directs installing OpenCLI, the OpenCLI Chrome extension, and an OpenCLI plugin from github:SPYQWER1/opencli-plugin-boss-job. While these steps are functionally necessary to control the site using the browser session, they empower code to access your Chrome login state (cookies/session) and act on your behalf — this is sensitive and outside the skill file itself (which contains no code).
!
Install Mechanism
The instructions tell the user to run 'npm install -g @jackwener/opencli' (an npm package) and to install an OpenCLI plugin from a specific GitHub repo (SPYQWER1/opencli-plugin-boss-job). Installing an extension/plugin from an unverified GitHub repo or third-party extension is higher risk because it will run code on your machine and in your browser; the skill registry entry itself contains no vetted install spec or source URL.
!
Credentials
The skill requests no env vars, which is appropriate, but requires access to your Chrome logged-in session and a browser extension — effectively granting access to sensitive credentials/cookies. That level of access is proportionate only if you trust the extension/plugin source; the SKILL.md gives no assurance or verification of the plugin/extension authorship.
!
Persistence & Privilege
Although the skill metadata does not set always:true, the recommended workflow installs a browser extension and an OpenCLI plugin which persist and can be used later. Persistent browser/extension access increases blast radius (can act on your active sessions) and should be considered a significant privilege.
What to consider before installing
This skill does what it claims (automates BOSS直聘 using your Chrome login), but it requires installing a Chrome extension and an OpenCLI plugin from a GitHub user with no homepage or source listed in the registry. Before installing: (1) verify the plugin GitHub repo (SPYQWER1/opencli-plugin-boss-job) and review its code and maintainer reputation; (2) inspect the OpenCLI Chrome extension permissions and the OpenCLI npm package (@jackwener/opencli); (3) prefer installing in a disposable browser profile or VM, not your primary account with other sensitive sessions; (4) avoid using with high-privilege or financial accounts until you trust the extension. If you cannot review the plugin/extension source or verify the author, do not install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dktc4kbpqckpvkbs23bnwtd84np0x
97downloads
1stars
3versions
Updated 2w ago
v1.2.0
MIT-0
@spyqwer1
latest
Download

BOSS直聘求职者工具

OpenCLI 插件,复用 Chrome 登录态操作 BOSS直聘。

前置条件

  1. 安装 OpenCLI

    npm install -g @jackwener/opencli

    或访问: https://github.com/jackwener/opencli

  2. 在 Chrome 中登录 zhipin.com

  3. 安装 OpenCLI Chrome 扩展

  4. 安装插件: opencli plugin install github:SPYQWER1/opencli-plugin-boss-job

命令速查

命令功能示例
search搜索职位opencli boss-job search 前端 --city 杭州
recommend推荐职位opencli boss-job recommend --limit 10
detail职位详情opencli boss-job detail <security-id>
greet打招呼opencli boss-job greet <security-id>
chatlist聊天列表opencli boss-job chatlist
chatmsg聊天记录opencli boss-job chatmsg <uid> --security-id <id>
send发送消息opencli boss-job send <uid> "消息内容"

ID 说明

  • securityId: 用于 detailgreet,从 search/recommendsecurity_id 字段获取
  • encryptUid: 用于 chatmsgsend,从 chatlistencrypt_uid 字段获取

详细用法

search - 搜索职位

opencli boss-job search <关键词> \
  --city <城市> \
  --experience <经验> \
  --degree <学历> \
  --salary <薪资> \
  --limit <数量>

参数:

  • --city: 城市 (北京/上海/杭州/深圳等)
  • --experience: 应届/1-3年/3-5年/5-10年/10年以上
  • --degree: 大专/本科/硕士/博士
  • --salary: 3K以下/3-5K/5-10K/10-15K/15-20K/20-30K/30-50K/50K以上

greet - 打招呼

opencli boss-job greet <security-id>

chatmsg - 聊天记录

opencli boss-job chatmsg <encrypt-uid> --security-id <security-id>

需要同时提供 encrypt_uidsecurity_id,两者都来自 chatlist 命令。

常见工作流

工作流 1: 搜索并打招呼

# 1. 搜索职位
opencli boss-job search 前端 --city 杭州 --limit 10

# 2. 查看详情
opencli boss-job detail <security-id>

# 3. 打招呼
opencli boss-job greet <security-id> --text "您好,我对这个职位很感兴趣"

工作流 2: 回复消息

# 1. 查看聊天列表
opencli boss-job chatlist --limit 20

# 2. 查看聊天记录
opencli boss-job chatmsg <encrypt-uid> --security-id <security-id>

# 3. 回复消息
opencli boss-job send <encrypt-uid> "好的,我稍后发简历给您"

错误处理

  • Cookie 过期: 在 Chrome 中重新登录 zhipin.com

Comments

Loading comments...