← Back to Skills Marketplace
Remote Job Hunter
by
Rajkiran Veldur
· GitHub ↗
· v1.2.0
477
Downloads
0
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install remote-job-hunter
Description
Automatically find remote jobs every day and match them to your resume. Searches 5 platforms daily, scores each job against your resume using NLP, identifies...
Usage Guidance
This skill implements a full auto-search + apply pipeline and will need credentials to send applications or log into platforms — but the registry entry/SKILL.md don't clearly declare those needs. Before installing or running:
- Inspect where you will store credentials. The code expects SMTP and optional LinkedIn credentials (profile or an external auth store). Do NOT put passwords in publicly readable files. Use the platform's secure secret store (OpenClaw auth-profiles.json if available) and verify its access controls.
- Review tailor.py (it was omitted/truncated) before running — it modifies/creates tailored resume files. Ensure it doesn't inject sensitive data or call unexpected external endpoints.
- Run initial runs in dry-run mode on an isolated machine or VM. Test with --dry-run and the profile's dry_run=true to verify behavior and outputs (pending_applications.json, whatsapp preview) before enabling any auto-apply actions.
- Be prepared to install Playwright (browsers) and pymupdf manually; Playwright automation can control a browser and will perform form fills and uploads — only provide third-party site credentials if you trust the code and understand where they are stored.
- Confirm how WhatsApp messages are delivered: code writes preview/whatsapp files but does not itself call WhatsApp API — determine whether your agent will send WhatsApp messages and how that is authorized.
If you want to proceed, ask the author for explicit documentation of credential handling and provide the missing tailor.py for full review. If you need help auditing tailor.py or configuring credentials safely, I can walk you through the exact checks to perform.
Capability Analysis
Type: OpenClaw Skill
Name: remote-job-hunter
Version: 1.2.0
The bundle implements an automated job application engine that uses Playwright for browser automation and smtplib for email submission. It is classified as suspicious because it requires and handles sensitive plaintext credentials (LinkedIn and SMTP passwords) within user-provided configuration files to perform automated logins and send emails (apply.py). While the tool includes a defense mechanism to sanitize job descriptions against prompt injection (report.py) and its behaviors align with the stated goal of job hunting, the combination of credential handling, automated browser control, and resume manipulation (tailor.py) represents a high-risk profile typical of automation bots.
Capability Assessment
Purpose & Capability
The skill's name/description (daily multi-platform search, scoring, tailoring, and auto-apply via Playwright) is consistent with the code: search.py, scorer.py, gaps/report, tailor/confirm/apply workflow implement those features. Requiring Playwright, resume parsing, and the ability to submit applications (SMTP/form filling/LinkedIn login) is coherent for an auto-apply job hunter. However the registry metadata lists no required credentials or env vars even though the code expects SMTP and (optionally) LinkedIn credentials via profile/auth storage — this mismatch is a design/documentation omission worth noting.
Instruction Scope
The SKILL.md is minimal and describes auto-applying and WhatsApp confirmation, but it does not clearly declare the need for SMTP credentials or platform login creds. The code will: read user profile JSON (including resume_path and optional credential fields), read/write local files (pending_applications.json, tailored_resumes/, whitelist files), fetch job board APIs over the network, parse/modify resumes (tailoring), and perform browser automation via Playwright that can log into third-party sites and upload resumes. Those actions are within the stated purpose, but the runtime instructions shipped in SKILL.md and registry metadata omit important scopes (where credentials come from and how WhatsApp delivery is implemented). The tailor.py file content was truncated/omitted in the provided bundle, preventing full review of its logic (this gap increases risk).
Install Mechanism
There is no install spec (instruction-only install), which is lower risk; dependencies are listed in requirements.txt (pymupdf and playwright). Playwright requires additional browser binaries at runtime (not documented here). No remote download URLs or extract steps are present in the bundle; code is included locally. The absence of an install script means the operator must manually satisfy dependencies and Playwright browser install steps — this increases operational friction and potential for misconfiguration but is not inherently malicious.
Credentials
Registry metadata declares no required env vars or primary credential, yet the code uses credentials: apply_email expects SMTP host/user/password in the profile (or separate auth store), apply_linkedin expects linkedin_email/linkedin_password, and the README/profile.template reference 'credentials' being stored in an OpenClaw auth-profiles.json. The README also asserts 'No credentials stored in config files' while profile.template warns not to store passwords in the profile — these statements conflict. Because credential handling is essential to auto-apply behavior but not declared in metadata or SKILL.md, there's a proportionality/documentation mismatch that could lead to accidental secret leakage if the user stores creds incorrectly.
Persistence & Privilege
The skill is not marked always:true and does not request system-level persistence. It reads and writes workspace-local files (pending_applications.json, applied_jobs.json, tailored_resumes/ etc.) which is expected for this functionality. The skill does not modify other skills' configurations or global agent settings in the reviewed files.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install remote-job-hunter - After installation, invoke the skill by name or use
/remote-job-hunter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
feat: JD-aware resume tailoring, supports .docx and .pdf, no fabrication
v1.1.0
feat: Playwright auto-apply engine
v1.0.4
feat: smart location filter — keeps global/European remote roles, excludes US-presence-required roles only. Better coverage for India-based remote contractors.
v1.0.3
Fix: removed unused playwright dependency, clarified WhatsApp delivery is via OpenClaw agent not built-in, auto-apply correctly marked as v1.1.0 roadmap item
v1.0.2
Improved semantic search description, enriched README with comparison table and roadmap, security hardening notes, expanded tags
v1.0.1
Security: removed credential placeholders from template, added prompt injection sanitization, added security documentation
v1.0.0
Initial release — multi-platform job search, NLP match scoring, skill gap analysis, .docx and .pdf resume support
Metadata
Frequently Asked Questions
What is Remote Job Hunter?
Automatically find remote jobs every day and match them to your resume. Searches 5 platforms daily, scores each job against your resume using NLP, identifies... It is an AI Agent Skill for Claude Code / OpenClaw, with 477 downloads so far.
How do I install Remote Job Hunter?
Run "/install remote-job-hunter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Remote Job Hunter free?
Yes, Remote Job Hunter is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Remote Job Hunter support?
Remote Job Hunter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Remote Job Hunter?
It is built and maintained by Rajkiran Veldur (@rajkiranvs); the current version is v1.2.0.
More Skills