ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

automate applying to jobs with email

v1.0.0

Automated job application assistant. Searches for jobs on LinkedIn, Indeed, Glassdoor, Wellfound, Agentur für Arbeit, and direct URLs, composes personalised...

1· 136·0 current·0 all-time
byZHDesignS@z-hussein

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for z-hussein/job-apply-automation.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "automate applying to jobs with email" (z-hussein/job-apply-automation) from ClawHub.
Skill page: https://clawhub.ai/z-hussein/job-apply-automation
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install job-apply-automation

ClawHub CLI

Package manager switcher

npx clawhub@latest install job-apply-automation
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the files and instructions: the skill searches job boards, drafts emails, sends via Gmail SMTP, and logs to Applications.json. Asking the user to provide a CV, templates, and target companies is expected for this purpose.
!
Instruction Scope
The SKILL.md explicitly tells the agent to 'check inbox' and 'process replies' but provides only SMTP settings (for sending) in references/CONFIG.md — it does not describe how to read inbound mail (IMAP/POP or Gmail API/OAuth) or include credentials for inbox access. The agent is also instructed to scrape multiple job boards and find recruiter emails; scraping and automated access have rate limits and TOS implications (LinkedIn noted elsewhere). The agent is told to read local files (CONFIG.md, Applications.json, templates) which is expected, but the missing/incomplete inbox access method is a functional and security-relevant gap.
Install Mechanism
This is an instruction-only skill with no install steps or code files to execute — lower install risk. All runtime behavior comes from the prose and included reference files.
!
Credentials
The registry metadata lists no required env vars or credentials, yet the instructions require placing a Gmail App Password into references/CONFIG.md (a local plaintext file), and the README expects a WhatsApp integration. This is a mismatch: the skill needs sensitive credentials but does not declare them, and storing an app password in a file without guidance on file protection is risky. BCCing a personal email on every outbound message and sending daily WhatsApp digests increases data exposure surface.
Persistence & Privilege
always:false and no install hooks are present. The skill will create and update Applications.json (documented) — that is an intended local persistence and consistent with its purpose. Autonomous invocation is allowed (platform default) but not combined here with other high privileges.
What to consider before installing
Key things to consider before installing or running this skill: - Inbox access gap: The skill describes checking and processing inbound replies but only documents SMTP sending (app_password). Ask the author how the agent will read your inbox (IMAP/POP or Gmail API) and what credentials/permissions are required. Do not assume the agent can safely access your primary mailbox. - Use a dedicated account: If you proceed, create a dedicated Gmail account for job applications and generate a Gmail App Password for that account. Never use your primary or work email. Keep the app password isolated and rotate it if you stop using the skill. - Local secret storage: The skill instructs you to put the app password into references/CONFIG.md (plaintext). Protect that file (restrict filesystem permissions) or ask for a secure alternative (platform secret store or environment variable). Treat this file as sensitive. - Start in review mode and limit scope: Keep the skill in Review Mode until you confirm it drafts appropriate emails and tracking behavior. Limit searches/auto-sends (e.g., lower the per-session max) while testing. - Privacy and exposure: The skill BCCs a personal email and can send WhatsApp digests — consider removing the BCC or WhatsApp notifications until you trust the behavior. Review Applications.json regularly and back it up; it contains your application history. - Legal/TOS risk: Automated scraping of LinkedIn/other job boards can trigger rate limits or violate terms of service. The Platform-notes mention rate limits; respect them and avoid mass automated scraping. - Ask for clarifications or improvements: specifically request (a) explicit inbox access method and required permissions, (b) whether any network endpoints other than job boards, Gmail SMTP, and WhatsApp will receive your data, and (c) an option to keep all secrets in platform-managed secret storage rather than plaintext files. If the author cannot clearly explain how inbound email access is handled and how secrets are protected, do not run this skill against any account that contains important or sensitive data.

Like a lobster shell, security has layers — review code before you run it.

automationvk97apv6gdz8mhjk7h4e0archk183agb0latestvk97apv6gdz8mhjk7h4e0archk183agb0
136downloads
1stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
ZHDesignS@z-hussein
automationlatest
Download

job-email-apply

Automated job application workflow — search, draft, send, track.

How It Works

  1. Search — Scans job boards for matching roles
  2. Score — Filters by relevance threshold (0.75)
  3. Draft — Composes a tailored email using templates
  4. Send — Delivers via Gmail SMTP with CV attached
  5. Track — Logs every application in Applications.json

Review Mode: First 3 applications go to you for approval before sending. Auto Mode: After that, emails send immediately.

File Map

job-email-apply/
├── SKILL.md
├── README.md
├── Applications.json         ← tracker database (auto-created on first run)
└── references/
    ├── job-profile.md         ← YOUR profile & personal data (fill this in)
    ├── email-templates.md     ← email templates
    ├── tracker-commands.md    ← tracker schema & operations
    └── platform-notes.md      ← platform tips & target companies

Setup (First Run)

  1. Copy references/config.mdreferences/CONFIG.md and fill in your details
  2. Drop your CV PDF into references/ — update config.md with the filename
  3. Review references/platform-notes.md and add your target companies
  4. See README.md for full setup instructions

Core Workflow

Agent Instructions

When invoked, follow this sequence:

STEP 1 — Load context Read these files before anything else:

  • references/email-templates.md
  • references/tracker-commands.md
  • references/platform-notes.md
  • references/CONFIG.md
  • Applications.json

STEP 2 — Search Check: LinkedIn, Indeed, Glassdoor, Wellfound, Agentur für Arbeit, direct URLs. Score each listing. Discard below 0.75. Dedup against Applications.json.

STEP 3 — Per listing

  1. Find application email
  2. Extract key skills from JD
  3. Select template (cold / startup / referral)
  4. Compose tailored email (< 200 words)
  5. Attach CV from references/
  6. Send via Gmail SMTP → to application email, BCC personal email
  7. Log to Applications.json with status APPLIED

STEP 4 — Check inbox Process replies: interview requests, rejections, spam. Update statuses. Alert on anything needing attention.

STEP 5 — Session summary Output summary. Log to Applications.json session_log.

Scoring Criteria (0.0–1.0)

FactorWeight
Role title match0.25
Stack overlap0.25
Location match0.20
Seniority fit0.15
Salary in range0.10
Company quality0.05

Hard disqualifiers: Junior/Graduate title, 10+ years required, on-site outside targets, company on exclude list.

Constraints

  • Max 15 applications per session
  • No re-apply within 60 days (unless previous was REJECTED)
  • CV must attach — abort and log EMAIL_SEND_FAILED if it fails
  • Never fabricate experience or skills
  • Review mode: first 3 require user approval before sending

Comments

Loading comments...