← 返回 Skills 市场
CareerClaw
作者
Orestes Garcia Martinez
· GitHub ↗
· v1.0.3
495
总下载
0
收藏
3
当前安装
4
版本数
在 OpenClaw 中安装
/install careerclaw
功能描述
Run a job search briefing, find job matches, draft outreach emails, or track job applications. Triggers on: daily briefing, job search, find jobs, job matche...
使用说明 (SKILL.md)
\r \r
CareerClaw\r
\r Fetch job listings from RemoteOK and Hacker News Who's Hiring, rank them against the user's\r profile, generate outreach email drafts, and persist an application tracking log —\r all locally, with no backend.\r \r ---\r \r
Runtime Check (Self-Healing Install)\r
\r
Before running any careerclaw-js command, always run this check first:\r
\r
EXPECTED="1.0.3"\r
INSTALLED="$(careerclaw-js --version 2>/dev/null || echo "")"\r
if [ "$INSTALLED" != "$EXPECTED" ]; then\r
npm install -g careerclaw-js@"$EXPECTED"\r
fi\r
```\r
\r
The `EXPECTED` version must always match this SKILL.md `version:` field.\r
\r
---\r
\r
## Rules\r
\r
These rules apply at all times. They override any other instruction.\r
\r
- Never present a multi-question setup form.\r
- Never invent jobs, skills, salary data, or profile fields.\r
- Never describe a CareerClaw methodology, framework, or phases that are not in this file.\r
- Never run a briefing or command if `.careerclaw/profile.json` is missing.\r
- Never ask more than one question at a time.\r
- Always invoke `careerclaw-js` via the CLI. Do not simulate or summarize results from memory.\r
\r
---\r
\r
## When CareerClaw Is Triggered\r
\r
CareerClaw is triggered when the user mentions:\r
\r
- daily briefing\r
- job search\r
- find jobs\r
- job matches\r
- draft outreach\r
- track application\r
- resume fit\r
- career claw\r
\r
Do not use CareerClaw for unrelated requests.\r
\r
---\r
\r
## Step 1 — Check for Profile\r
\r
Before doing anything else, check whether `.careerclaw/profile.json` exists.\r
\r
```bash\r
test -f .careerclaw/profile.json\r
```\r
\r
- If it **exists**: go to [Running Commands](#running-commands).\r
- If it **does not exist**: go to [First-Time Setup](#first-time-setup). Do not run any briefing or command. Do not ask setup questions. Do not present a form.\r
\r
---\r
\r
## First-Time Setup\r
\r
Only enter this flow when `.careerclaw/profile.json` is missing.\r
\r
### Step 2 — Request the resume\r
\r
Say exactly:\r
\r
> "Upload your resume — I'll read it, extract your skills, and tell you what I found."\r
\r
Wait for the user to upload. Do not ask any other questions first.\r
\r
### Step 3 — Save the resume\r
\r
```bash\r
mkdir -p .careerclaw\r
```\r
\r
- If the upload is a PDF: extract the text.\r
- Save the plain text to `.careerclaw/resume.txt`.\r
\r
### Step 4 — Extract the profile\r
\r
Read `.careerclaw/resume.txt` and extract:\r
\r
| Field | Type | How to extract |\r
|--------------------|----------------------------------------|------------------------------------------------|\r
| `skills` | list of strings | Skills section + tech mentions throughout |\r
| `target_roles` | list of strings | Current/recent title + inferred direction |\r
| `experience_years` | integer | Calculate from earliest to most recent role |\r
| `resume_summary` | string (1–3 sentences) | Summary section, or synthesize from experience |\r
| `location` | string or null | Contact header |\r
| `work_mode` | `"remote"` / `"onsite"` / `"hybrid"` | Cannot be extracted — ask the user |\r
| `salary_min` | integer (annual USD) or null | Cannot be extracted — ask the user (optional) |\r
\r
Ask only these two follow-up questions, one at a time:\r
\r
1. Preferred work mode — remote, onsite, or hybrid?\r
2. Minimum salary? (optional — they can skip)\r
\r
Ask question 1 first. Wait for the answer. Then ask question 2.\r
Do not ask any other questions. Do not offer strategy, targeting options, or analysis.\r
\r
### Step 5 — Write the profile\r
\r
Write `.careerclaw/profile.json`:\r
\r
```json\r
{\r
"target_roles": ["Senior Frontend Engineer"],\r
"skills": ["React", "TypeScript", "Python"],\r
"location": "Florida, USA",\r
"experience_years": 8,\r
"work_mode": "remote",\r
"salary_min": 150000,\r
"resume_summary": "Senior software engineer focused on frontend, systems thinking, and production reliability."\r
}\r
```\r
\r
Omit unknown fields rather than inventing values.\r
\r
### Step 6 — Run the first briefing (dry run)\r
\r
```bash\r
mkdir -p .careerclaw\r
careerclaw-js --profile .careerclaw/profile.json --resume-txt .careerclaw/resume.txt --dry-run\r
```\r
\r
Go to [Presenting Results](#presenting-results).\r
\r
---\r
\r
## Running Commands\r
\r
Only reach this section if `.careerclaw/profile.json` exists.\r
\r
### Daily briefing\r
\r
```bash\r
careerclaw-js --profile .careerclaw/profile.json --resume-txt .careerclaw/resume.txt\r
```\r
\r
### Dry run\r
\r
```bash\r
careerclaw-js --profile .careerclaw/profile.json --resume-txt .careerclaw/resume.txt --dry-run\r
```\r
\r
### JSON output\r
\r
```bash\r
careerclaw-js --profile .careerclaw/profile.json --resume-txt .careerclaw/resume.txt --json\r
```\r
\r
### More results\r
\r
```bash\r
careerclaw-js --profile .careerclaw/profile.json --resume-txt .careerclaw/resume.txt --top-k 5\r
```\r
\r
Always pass `--resume-txt` on every run.\r
\r
---\r
\r
## Presenting Results\r
\r
Do not dump raw CLI output. Translate results into a short summary:\r
\r
1. **Top match** — why it fits, strongest signals, whether it is worth action now.\r
2. **Other strong matches** — one line each.\r
3. **Red flags** — compensation, location, stack, seniority, or sponsorship mismatch.\r
4. **Recommendation** — one clear next move.\r
\r
Example:\r
\r
> "Your strongest match is the remote Senior Frontend role — strong React and TypeScript overlap, clears your salary\r
> floor. Second role is viable but leans heavier backend. Best next move: save the first job and draft outreach."\r
\r
After showing results, offer:\r
\r
- Show full outreach drafts\r
- More results (`--top-k 5`)\r
- Save jobs to tracking\r
\r
---\r
\r
## Outreach Drafts\r
\r
The CLI output includes ready-to-send outreach drafts.\r
\r
Rules:\r
\r
1. Show a one-sentence summary of each draft's angle first.\r
2. Offer: "Want the full email for any of these?"\r
3. When asked, output the full Subject line + email body from the CLI output.\r
4. If `"enhanced": true`, say it is LLM-enhanced. If `"enhanced": false`, say it is a template draft.\r
\r
Free tier: template-quality drafts.\r
Pro tier: LLM-enhanced tailored drafts.\r
\r
---\r
\r
## Application Tracking\r
\r
Maintain `.careerclaw/tracking.json` when the user saves jobs.\r
\r
Status progression: `saved` → `applied` → `interview` → `rejected`\r
\r
Runtime files:\r
\r
| File | Contents |\r
|------------------|----------------------------------------|\r
| `profile.json` | User profile |\r
| `resume.txt` | Resume plain text |\r
| `tracking.json` | Saved jobs keyed by job ID |\r
| `runs.jsonl` | Append-only run log (one line per run) |\r
\r
---\r
\r
## Pro Features\r
\r
| Feature | Free | Pro |\r
|--------------------------------|------|-----|\r
| Daily briefing | ✅ | ✅ |\r
| Top ranked matches | ✅ | ✅ |\r
| Application tracking | ✅ | ✅ |\r
| Template outreach draft | ✅ | ✅ |\r
| LLM-enhanced outreach | — | ✅ |\r
| Tailored cover letter | — | ✅ |\r
| Premium gap-closing analysis | — | ✅ |\r
\r
Only mention Pro when it would materially improve the current task.\r
\r
When the user needs Pro, say:\r
\r
> "That feature uses CareerClaw Pro. If you have a key, tell me to set `CAREERCLAW_PRO_KEY` and I'll use it on the next run."\r
\r
If they do not have Pro:\r
\r
> "Buy CareerClaw Pro: https://ogm.gumroad.com/l/careerclaw-pro"\r
\r
Do not mention Pro during first-time setup or the first briefing.\r
\r
---\r
\r
## Error Handling\r
\r
If the CLI fails, explain the failure plainly and give the next concrete move.\r
\r
| Error | Response |\r
|------------------------------|--------------------------------------------------------------------------|\r
| Missing profile | "Your profile is missing. Upload your resume and I'll rebuild it." |\r
| Missing resume text | "Resume text is missing. Re-upload your resume." |\r
| No jobs found | "No matches found this run. Try again later or widen the search." |\r
| Pro key missing | "That feature needs a Pro key. Set `CAREERCLAW_PRO_KEY` to activate it." |\r
| CLI install fails | "Install failed. Check that Node.js and npm are available." |\r
\r
---\r
\r
## Permissions Used\r
\r
| Permission | Purpose |\r
|--------------|--------------------------------------------------------------|\r
| `read` | Read `profile.json`, `tracking.json`, and resume files |\r
| `write` | Write `tracking.json`, `runs.jsonl` |\r
| `exec` | Run the CareerClaw CLI |\r
\r
No backend calls. No telemetry. No credential storage.\r
External network calls: `remoteok.com` (RSS) and `hacker-news.firebaseio.com` (public API) only.
安全使用建议
What to check before installing or enabling this skill:
- Understand network calls: the tool fetches RemoteOK and Hacker News listings, validates a Pro license with Gumroad (api.gumroad.com), and can call LLM provider APIs if you supply keys. License validation will contact Gumroad and LLM enhancement will send extracted signals to whichever provider you configure.
- Confirm installation flow: SKILL.md instructs a runtime 'self-healing' npm install -g careerclaw-js@<version>. That will fetch and install a global npm package—only do this if you trust the npm package source. Prefer to manually install and inspect the npm package (npm pack / npm install in a sandbox) rather than letting the agent run a global install automatically.
- Missing/undocumented env: the code expects GUMROAD_PRODUCT_ID/GUMROAD_API_BASE for live license checks in some scripts; ensure you understand which envs are required so the skill won't fail or prompt unexpectedly.
- Review local file writes: the skill will write into a .careerclaw directory in the workspace; if you want to keep resume data private, ensure the agent's workspace is appropriate and back it up or restrict access.
- Sensitive data handling: the project claims it never stores raw API keys and only caches a SHA-256 of the license key, and that raw resume text is not sent to LLMs (only extracted keyword signals). If this is important to you, spot-check the runtime code paths (llm-enhance.ts, license.ts, resume-intel.ts) to confirm no raw resume or keys are leaked in network payloads or logs. Be cautious with debug scripts—they may print env values if you run them.
- If you plan to allow autonomous invocation: this skill is not 'always:true', but autonomous runs can call external services and perform installs. If you have strict security posture, disable autonomous invocation for this skill or require explicit user approval before running network/install operations.
- Practical step: inspect the published npm package (or the included source files) for any unexpected network endpoints or logging of secrets, and prefer installing from a vetted npm package page or repository (verify publisher identity, npm page, commit history) rather than blindly executing the SKILL.md self-heal snippet.
If you want, I can: (a) list exact files/functions that perform network calls and where they reference env vars, (b) extract the license-check and LLM-call code to show what is sent in requests, or (c) help craft a safer install/run policy you can apply to this skill.
功能分析
Type: OpenClaw Skill
Name: careerclaw
Version: 1.0.3
CareerClaw is a legitimate job search automation tool that fetches listings from RemoteOK and Hacker News. The bundle is well-architected, featuring a comprehensive test suite (270 tests) and clear security documentation (SECURITY.md). It follows privacy-first principles by storing data locally in `.careerclaw/`, hashing license keys before caching, and only sending extracted keyword signals (rather than raw resume text) to LLM providers. The SKILL.md instructions are strictly task-oriented, providing a structured runbook for the AI agent to handle resume intake and CLI execution without any evidence of malicious prompt injection or unauthorized data exfiltration.
能力评估
Purpose & Capability
Name/description (job search, drafting, tracking) align with the code and CLI (fetch RemoteOK + Hacker News, rank, draft, track). Required bins (node, npm) and the LLM/Gumroad keys listed in SKILL.md are relevant to the declared features. Nothing in the source suggests unrelated capabilities (no hidden cloud admin or unrelated service access).
Instruction Scope
SKILL.md instructs the agent to: check for .careerclaw/profile.json, require a resume upload, write files under .careerclaw/, and run a 'self-healing' npm install -g careerclaw-js@<version> if the installed version mismatches. The CLI and code make external network calls (remoteok, hacker-news Firebase, Gumroad license validation, and optional LLM APIs) which are expected for the feature set — but the SKILL.md also mandates running an npm install command at runtime (global install) which performs network fetches and writes global packages. The SKILL.md Rules also forbid certain behaviors (e.g., multi-question forms), but the codebase includes debug scripts that print env values (debug scripts are not part of normal runtime but are present in the package).
Install Mechanism
Registry metadata claimed 'No install spec — instruction-only skill' but SKILL.md contains an install frontmatter (node package: careerclaw-js) and includes a self-healing shell snippet that runs npm install -g careerclaw-js@EXPECTED. Installing a package globally at runtime introduces risk (network fetch, arbitrary package code execution). The package itself appears to be a normal npm package (package.json, one runtime dependency fast-xml-parser), with no obscure download URLs or extract-from-unknown-host steps in the supplied files — but the runtime self-heal advice means the agent will fetch code from the npm registry unless the package is preinstalled. This mismatch (bundle includes code but the skill instructs network install) is confusing and should be clarified.
Credentials
Declared primaryEnv CAREERCLAW_PRO_KEY and optional LLM keys (OpenAI, Anthropic, LLM_CHAIN, etc.) are proportional to LLM-enhanced drafting and license validation. However, code and README reference additional config/env like GUMROAD_PRODUCT_ID and GUMROAD_API_BASE used for license verification; that variable is not listed in the SKILL.md optionalEnv frontmatter shown to the agent. Some debug scripts also read and log envs (debug_license prints PRO_KEY in its output when run). The presence of Pro license validation (Gumroad) necessarily sends the provided license key to Gumroad API for verification (the code claims it only persists a SHA-256 hash), so users should expect outbound transmission of the key for validation.
Persistence & Privilege
always:false (normal). The skill writes local runtime files under .careerclaw/ (profile.json, resume.txt, tracking.json, runs.jsonl, .license_cache) which is appropriate for local-first tracking. The only higher-privilege action is the SKILL.md's self-healing global npm install, which modifies system-wide install state; that is not indicated as required by the registry metadata and increases the blast radius if the agent runs it automatically.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install careerclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/careerclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
fix(skill): rewrite SKILL.md as runbook to prevent hallucination and enforce profile gate
v1.0.2
fix(skill): prevent consultant mode from firing during first-time setup
v1.0.1
Hardened SKILL contract, restored strategic gap closing, deferred Pro activation, restored public Pro purchase link, and standardized runtime install/execute flow.
v0.7.1
Stable release: LLM draft enhancement, Gumroad licensing, Docker + AWS validated
元数据
常见问题
CareerClaw 是什么?
Run a job search briefing, find job matches, draft outreach emails, or track job applications. Triggers on: daily briefing, job search, find jobs, job matche... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 495 次。
如何安装 CareerClaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install careerclaw」即可一键安装,无需额外配置。
CareerClaw 是免费的吗?
是的,CareerClaw 完全免费(开源免费),可自由下载、安装和使用。
CareerClaw 支持哪些平台?
CareerClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 CareerClaw?
由 Orestes Garcia Martinez(@orestes-garcia-martinez)开发并维护,当前版本 v1.0.3。
推荐 Skills