ClawHub

Job Auto Apply

v1.0.0

Automated job search and application system for Clawdbot. Use when the user wants to search for jobs and automatically apply to positions matching their criteria. Handles job searching across LinkedIn, Indeed, Glassdoor, ZipRecruiter, and Wellfound, generates tailored cover letters, fills application forms, and tracks application status. Use when user says things like "find and apply to jobs", "auto-apply for [job title]", "search for [position] jobs and apply", or "help me apply to multiple jobs automatically".

29· 4.4k·19 current·19 all-time
by@veeky-kumar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to integrate with multiple platforms (LinkedIn, Indeed, Glassdoor, ZipRecruiter, Wellfound) and to perform OAuth, API calls, web scraping, captcha-solving and proxy usage. Those capabilities legitimately require platform API keys/OAuth tokens, captcha service keys, and browser drivers (Chrome/Chromedriver or Playwright). However the registry metadata and manifest declare no required environment variables, no required binaries, and no install steps — a clear mismatch between claimed capabilities and requested resources.
!
Instruction Scope
SKILL.md and platform_integration.md instruct the agent to read a profile file containing personal data, search and scrape platforms, solve CAPTCHAs (2Captcha/Anti-Captcha), use residential proxies, maintain authenticated sessions and store credentials. Those instructions expand scope beyond a simple helper: they direct collection, storage, and transmission of sensitive personal credentials and automated interactions with external services. The included Python script is mostly placeholder and doesn't implement these actions, which increases uncertainty about the actual runtime behavior.
!
Install Mechanism
There is no install specification even though the documentation references Selenium, Playwright, cryptography, keyring, and third-party captcha/proxy services. Absence of a declared install step or dependency list (pip packages, browsers, webdriver binaries) is disproportionate and makes it unclear what will be required on the host or what the skill will attempt to use at runtime.
!
Credentials
The docs explicitly recommend storing API keys and using keyring/cryptography, and integration requires OAuth tokens/API keys and possibly captcha/proxy credentials, but the skill declares zero required environment variables or primary credentials. That mismatch is problematic: the skill will realistically need sensitive secrets (platform OAuth tokens, API keys for job boards, captcha service keys, proxy credentials) but does not surface or justify them in the manifest.
!
Persistence & Privilege
The skill suggests maintaining authenticated sessions, persisting cookies/tokens, and using system keyring to store credentials. While 'always' is false (good), the documentation implies writing persistent secrets to the host environment or system keyring without declaring this in config paths. Persisting account tokens and session data increases blast radius if misconfigured or malicious.
What to consider before installing
This skill appears to do what it claims (automating job search and applications) but the package is incomplete and inconsistent: it documents web scraping, OAuth, captcha solving, proxies, and secure credential storage, yet declares no required env vars, no install steps, and no dependency list. Before installing or giving it access to any accounts: - Treat the source as untrusted until you can verify it (there's no homepage or known publisher). Ask the publisher for a dependency list and explicit list of required credentials (OAuth keys, API keys, 2Captcha key, proxy creds). - Do not enter platform usernames/passwords into the profile file or plain environment vars without reviewing how the skill stores them. The docs mention keyring/cryptography but also provide no details on key management. Prefer OAuth flows that do not require storing raw passwords. - Require manual confirmation / dry-run by default. Test in dry-run mode and with a throwaway account before using personal accounts. - Ensure you have the necessary browser drivers and that installing them won't run unreviewed code; consider running in an isolated VM or container. - Confirm the automation does not violate each job platform's Terms of Service; automated mass applications and scraping can lead to account bans. - If you want to proceed, ask the author for: (1) a clear install/requirements file (pip/Playwright install steps), (2) an explicit list of environment variables and what they are used for, (3) a minimal reproducible implementation limited to dry-run/search-only, (4) proof of safe credential handling (no plaintext storage, clear keyring behavior). Given the inconsistencies, treat this skill as suspicious until those questions are answered and the code/dependencies are audited.

Like a lobster shell, security has layers — review code before you run it.

Nallavk970bhv9qpzdkj2bhzdpkx0sen800a8jNaukrivk970bhv9qpzdkj2bhzdpkx0sen800a8jautomationvk970bhv9qpzdkj2bhzdpkx0sen800a8jcareervk970bhv9qpzdkj2bhzdpkx0sen800a8jjobsvk970bhv9qpzdkj2bhzdpkx0sen800a8jlatestvk970bhv9qpzdkj2bhzdpkx0sen800a8j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments