v1.0.0

Job Auto Apply

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:54 AM.

Analysis

The skill is not overtly malicious, but it asks to automate sensitive job applications using personal data, platform accounts, and optional approval controls that users should review carefully before installing.

Guidance: Install only if you are comfortable giving the skill sensitive job-application profile data and platform account access. Keep dry-run and manual confirmation enabled, review every employer, cover letter, resume, and screening answer before submission, avoid CAPTCHA/proxy bypass methods, and do not rely on this version as proof that applications were actually submitted.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
“submits applications automatically or with user confirmation” ... “--auto-apply” ... “Submit applications (with confirmation if enabled)”

The skill explicitly supports submitting real job applications, and confirmation is configurable rather than mandatory. That is a high-impact external action because applications may contain personal data and can be difficult to retract.

User impact: The agent could submit applications, cover letters, or screening answers before the user has reviewed every employer and answer.
Recommendation: Keep dry-run on by default, require explicit per-application approval, preview all answers and documents, and use strict limits on the number of applications.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
platform_integration.md
“Captcha Handling - Use 2Captcha or Anti-Captcha services” ... “Captcha Blocks: Reduce frequency, use residential proxies”

The documentation recommends CAPTCHA-solving services and residential proxies for automation. That can bypass platform anti-abuse controls and may expose user activity to additional third parties.

User impact: Using these methods could violate job-platform terms, risk account restrictions, or route application activity through untrusted services.
Recommendation: Avoid CAPTCHA-bypass and proxy workflows; prefer official APIs, manual intervention, and platform-approved automation only.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
job_search_apply.py
“# This is a placeholder - in real implementation, this would:” ... “# 5. Submit application” ... “print("   ✅ Application submitted successfully")”

The included script comments say the real application submission is not implemented, but the non-dry-run path can still report that an application was submitted successfully.

User impact: A user could believe applications were actually submitted when the included code only simulates the workflow.
Recommendation: Do not present placeholder behavior as successful submission; require platform confirmation IDs or clear simulated-status labeling before production use.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
platform_integration.md
“Authentication: OAuth 2.0” ... “Authentication: API Key” ... “Required Scopes: `r_basicprofile`, `r_emailaddress`, `w_member_social`” ... “Maintain authenticated sessions” ... “Handle cookie persistence”

The skill documentation requires platform credentials and persistent sessions, and it lists a broad LinkedIn social-write-style scope. The registry metadata declares no primary credential, env vars, or config paths, so the credential boundary is unclear.

User impact: The skill may need access to accounts and sessions that can act as the user on job platforms, with unclear limits on what credentials are used or stored.
Recommendation: Declare all credential requirements, use least-privilege scopes, avoid persistent cookies unless explicitly approved, and document exactly where tokens or sessions are stored.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
profile_template.json
“full_name”, “email”, “phone”, “resume_path”, “work_authorization”, “salary_expectations”, “screening_answers”

The profile template stores sensitive personal and employment-application information. This is expected for a job-application skill, but it is still sensitive local data that may be reused in applications.

User impact: If the profile file is overfilled, shared, or used without review, sensitive personal details or inaccurate screening answers could be submitted to employers.
Recommendation: Use the minimum required profile data, store the file securely, review screening answers before submission, and remove sensitive fields that are not needed.