Job Search
v1.0.0Search for jobs across LinkedIn, Indeed, Glassdoor, ZipRecruiter, Google Jobs, Bayt, Naukri, and BDJobs using the JobSpy MCP server.
⭐ 14· 3.2k·18 current·19 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description claim to search multiple job boards via a JobSpy MCP server and the SKILL.md consistently instructs the agent/user to install and run such a server and wire it into an MCP-enabled client. No unrelated services, credentials, or hidden capabilities are requested.
Instruction Scope
Runtime instructions are focused on installing/running the JobSpy MCP server and calling its MCP tools. The SKILL.md asks you to modify the Claude Desktop config file (~Library/Application Support/Claude/claude_desktop_config.json) to register an MCP server—this is relevant to integration but is a sensitive local config change and should be done intentionally. The instructions do not direct the agent to read arbitrary system files or export unrelated data.
Install Mechanism
The skill is instruction-only (no automatic install), but the documentation tells users to pip install packages and to git clone a GitHub repo (https://github.com/chinpeerapat/jobspy-mcp-server.git). Using GitHub releases/repos is normal, but installing unreviewed pip packages or running code from a cloned repo carries the usual risk: arbitrary code execution on the host. The SKILL.md also references an unfamiliar 'uv' tool for package/server management; verify what 'uv' does before using it.
Credentials
The skill declares no required environment variables or credentials, which aligns with instructions that suggest running a local MCP server. Note: scraping some sites (e.g., LinkedIn) can require authentication or proxying in practice; the skill does not request or document credentials for those platforms.
Persistence & Privilege
always:false and model invocation allowed (default). The skill does not request persistent, system-level privileges or attempt to modify other skills. The only persistence-related action it suggests is editing a client config to register the MCP server—this is expected for integration but should be done cautiously.
Assessment
This skill appears to do what it says (use a JobSpy MCP server to scrape multiple job boards), but you should not blindly run the install steps. Before installing or running anything: 1) Inspect the GitHub repository and any pip packages (mcp, python-jobspy, etc.) to confirm their code and maintainer reputation. 2) Use a virtual environment or isolated machine to install and run server code. 3) Back up any client config files before editing (the SKILL.md asks you to modify Claude Desktop config). 4) Be aware that scraping some sites can violate terms of service and may require authentication or proxies; the skill does not request credentials but could perform network scraping that triggers rate limits or IP blocking. 5) If you need to provide credentials to any job board, prefer service-specific API keys and review how those secrets will be stored/used. If you want higher assurance, ask the skill author for a signed release or vetted package sources before installation.Like a lobster shell, security has layers — review code before you run it.
latestvk97dzzq3nmbba2xqwb8hev8jbd80dq14
License
MIT-0
Free to use, modify, and redistribute. No attribution required.