Scan Report
15/100
ai-job-hunter-pro
AI-powered job search assistant with RAG-based resume-JD matching, automated application pipeline, and status tracking
This is a legitimate job search automation tool with benign web scraping and RAG-based matching functionality. No malicious behavior detected - all capabilities align with the documented purpose of job search assistance.
Safe to install
Safe to use with standard precautions. Review that network scraping of job sites complies with your organization's acceptable use policies.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Undocumented network scraping scope (Doc Mismatch) | SKILL.md:1 |
| Low | Hardcoded placeholder IP address (Sensitive Access) | scripts/company_scraper.py:399 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md declares profile reading; code reads ~/job_profile.json |
| Network | READ | READ | ✓ Aligned | Core scraping functionality sends requests to job platforms |
| Shell | WRITE | WRITE | ✓ Aligned | pip install in setup_rag.py:31-32; pdftotext/pandoc in rag_engine.py |

1 High 28 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| High | IP Address (hardcoded IP address) | 122.0.0.0 | scripts/company_scraper.py:399 |
| Medium | External URL | https://linkedin.com/in/yourprofile | assets/profile_template.json:6 |
| Medium | External URL | https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js | dashboard.html:7 |
| Medium | External URL | https://www.google.com/about/careers/applications/jobs/results/?location=Shanghai&location=Beijing&location=Hangzhou&q= | scripts/company_scraper.py:35 |
| Medium | External URL | https://apply.careers.microsoft.com/careers?start=0&sort_by=timestamp&keyword= | scripts/company_scraper.py:46 |
| Medium | External URL | https://www.amazon.jobs/en/search?base_query= | scripts/company_scraper.py:57 |
| Medium | External URL | https://jobs.apple.com/zh-cn/search?search= | scripts/company_scraper.py:68 |
| Medium | External URL | https://nvidia.wd5.myworkdayjobs.com/NVIDIAExternalCareerSite?q= | scripts/company_scraper.py:79 |
| Medium | External URL | https://app.mokahr.com/social-recruitment/tesla/46129#/jobs?keyword= | scripts/company_scraper.py:90 |
| Medium | External URL | https://jobs.booking.com/careers?query= | scripts/company_scraper.py:101 |
| Medium | External URL | https://careers.shopee.cn/jobs?keyword= | scripts/company_scraper.py:112 |
| Medium | External URL | https://jobs.bytedance.com/experienced/position?keywords= | scripts/company_scraper.py:125 |
| Medium | External URL | https://talent-holding.alibaba.com/off-campus/position-list?lang=zh&keyword= | scripts/company_scraper.py:136 |
| Medium | External URL | https://talent.taotian.com/off-campus/position-list?lang=zh&search= | scripts/company_scraper.py:147 |
| Medium | External URL | https://careers.aliyun.com/off-campus/position-list?lang=zh&keyword= | scripts/company_scraper.py:158 |
| Medium | External URL | https://careers.tencent.com/search.html?keyword= | scripts/company_scraper.py:169 |
| Medium | External URL | https://app.mokahr.com/social-recruitment/high-flyer/140576#/jobs?keyword= | scripts/company_scraper.py:182 |
| Medium | External URL | https://zhipu-ai.jobs.feishu.cn/index/?keywords= | scripts/company_scraper.py:193 |
| Medium | External URL | https://vrfi1sk8a0.jobs.feishu.cn/index/?keywords= | scripts/company_scraper.py:204 |
| Medium | External URL | https://app.mokahr.com/social-recruitment/step/94904#/jobs?keyword= | scripts/company_scraper.py:215 |
| Medium | External URL | https://jobs.careers.microsoft.com/global/en/search?q= | scripts/company_scraper_V2.py:44 |
| Medium | External URL | https://jobs.apple.com/en-us/search?search= | scripts/company_scraper_V2.py:64 |
| Medium | External URL | https://jobs.bytedance.com/en/position?keywords= | scripts/company_scraper_V2.py:84 |
| Medium | External URL | https://talent.alibaba.com/off-campus/position-list?lang=en&keyword= | scripts/company_scraper_V2.py:94 |
| Medium | External URL | https://careers.tencent.com/en-us/search.html?keyword= | scripts/company_scraper_V2.py:104 |
| Medium | External URL | https://www.linkedin.com/jobs/search/?keywords= | scripts/job_scraper.py:43 |
| Medium | External URL | https://www.indeed.com/jobs?q= | scripts/job_scraper.py:156 |
| Medium | External URL | https://www.indeed.com | scripts/job_scraper.py:211 |

File Tree
13 files · 130.9 KB · 3409 lines
Python 7f · 2574L
HTML 1f · 448L
Markdown 3f · 311L
JSON 1f · 72L
Text 1f · 4L

├─ assets
│  └─ profile_template.json (JSON)
├─ references
│  └─ platform_notes.md (Markdown)
├─ scripts
│  ├─ apply_pipeline.py (Python)
│  ├─ company_scraper_V2.py (Python)
│  ├─ company_scraper.py (Python)
│  ├─ job_scraper.py (Python)
│  ├─ rag_engine.py (Python)
│  ├─ requirements.txt (Text)
│  ├─ setup_rag.py (Python)
│  └─ tracker.py (Python)
├─ dashboard.html (HTML)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| chromadb | >=0.4.0 | pip | No | Version specified with minimum |
| sentence-transformers | >=2.2.0 | pip | No | Version specified with minimum |
| pdfplumber | >=0.10.0 | pip | No | Version specified with minimum |
| python-docx | >=0.8.11 | pip | No | Version specified with minimum |

Security Positives
✓ All data stored locally in ~/.ai-job-hunter-pro/ directory
✓ No credential harvesting or API key exfiltration
✓ Dry-run mode enabled by default - applications not submitted without user confirmation
✓ Resume data never sent to external services (only to job platforms during application)
✓ subprocess usage is limited to legitimate CLI tools (pip, pdftotext, pandoc)
✓ No obfuscation, base64 execution, or anti-analysis techniques
✓ Dependencies mostly pinned with minimum versions specified
✓ No C2 communication or data exfiltration endpoints
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths