Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

job-poster

v1.0.0

Post job listings

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jpengcheng523-netizen/jpeng-job-poster.

Install the skill "job-poster" (jpengcheng523-netizen/jpeng-job-poster) from ClawHub.
Skill page: https://clawhub.ai/jpengcheng523-netizen/jpeng-job-poster
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jpeng-job-poster

ClawHub CLI

npx clawhub@latest install jpeng-job-poster

Security Scan

VirusTotal: Pending

OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The name/description say 'Post job listings', which is reasonable, but the SKILL.md expects a Python script (scripts/job_poster.py) to exist and to use an API key. The published package contains only SKILL.md and no code or declared credentials, so the skill cannot perform its stated purpose as bundled.

[!] Instruction Scope
Runtime instructions explicitly tell the agent to run `python3 scripts/job_poster.py` and to set JOB_API_KEY. Those commands reference files and an environment variable that are not present in the package metadata or file manifest. This is an incoherent/incomplete instruction set.

Install Mechanism
There is no install spec and no binaries are pulled in. That is low-risk, but also means the skill relies on external code that is not included.

[!] Credentials
SKILL.md asks the user to export JOB_API_KEY, but the skill metadata lists no required environment variables or primary credential. Requesting an API key for a job-posting service is plausible, but the omission in metadata is inconsistent and could lead users to supply credentials without clear justification.

Persistence & Privilege
The skill does not request elevated or persistent privileges; `always` is false and there are no config-path or system modifications declared.

What to consider before installing
This package is incomplete: it only contains instructions but not the referenced script or a declared API credential. Do not supply any real API keys or run unreviewed scripts from this skill. Ask the publisher for the missing files (scripts/job_poster.py) and an explanation of what JOB_API_KEY is used for, or obtain the official implementation from a trusted source. If you must test, do so in an isolated sandbox with dummy credentials and inspect the actual code before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk974r6f6p8xh5zqttakzvbx55983qaby
100 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Job Poster

Post job listings

When to Use

  • User needs recruitment-related functionality
  • Automating job tasks
  • HR operations

Usage

python3 scripts/job_poster.py --input <input> --output <output>

Configuration

Set required environment variables:

export JOB_API_KEY="your-api-key"

Output

Returns JSON with results:

{
  "success": true,
  "data": {}
}
