JobClaw
v1.0.20260329-142ceeaAI-powered automated job search skill. Searches LinkedIn and Indeed daily, scores jobs against the user's profile, and saves results to a local CSV. Use when...
⭐ 0· 184·0 current·0 all-time
bySimon@weixijia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with the code and instructions: scripts search LinkedIn/Indeed (via python-jobspy), score results, append to a local CSV, and optionally notify via Telegram/OpenClaw. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md explicitly instructs conversational onboarding and writing ~/Documents/JobClaw/config.json, running search.py/run_daily.sh, and using browser(...) for /newjob. This stays within the job-search purpose but does require the agent to read/write files under ~/Documents and to ask the user for notification tokens (Telegram/OpenClaw). The agent is told to not run setup.py directly, but setup.py is present and can install pip packages if used.
Install Mechanism
There is no install spec in the registry (instruction-only). Code files are included, but no downloads from arbitrary URLs or package managers are required by the registry. setup.py can pip-install dependencies locally, which is expected for a Python skill.
Credentials
The skill declares no required environment variables or primary credential. It optionally asks the user for Telegram bot token/chat_id or OpenClaw account info for notifications — these are proportional to the stated notification feature. The scripts use JOBCLAW_DIR (default ~/Documents/JobClaw), which is documented and can be overridden.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes/reads its own config and data files under ~/Documents/JobClaw; that is normal for a local automation tool.
Assessment
This package is internally consistent with its description, but before installing or enabling it consider: 1) It writes config.json and data under ~/Documents/JobClaw (or JOBCLAW_DIR you set) — inspect that file before adding secrets. 2) If you enable notifications you will need to provide a Telegram bot token and chat ID (sensitive) or OpenClaw account info; store these only if you trust the environment and review notify.py which sends them to Telegram/OpenClaw. 3) setup.py can try to pip install dependencies (it uses --break-system-packages in one invocation) — prefer a virtualenv or review/execute manually. 4) The scripts perform network requests (scraping LinkedIn/Indeed via python-jobspy, curl HEAD/GET checks) and will access arbitrary job URLs you ask it to fetch via /newjob; run in an environment where network activity and filesystem writes are acceptable. 5) If you want extra safety, set JOBCLAW_DIR to a dedicated folder, inspect tracker.py and the remainder of the code, and run the search in dry-run mode first.Like a lobster shell, security has layers — review code before you run it.
latestvk9774esyx3za7etrsxcjsvp83983t87j
License
MIT-0
Free to use, modify, and redistribute. No attribution required.