Low risk: risk score 15/100
Last scanned: 21 hours ago
ai-job-hunter-pro
AI-powered job search assistant with RAG-based resume-JD matching, automated application pipeline, and status tracking
This is a legitimate job search automation tool with benign web scraping and RAG-based matching functionality. No malicious behavior detected - all capabilities align with the documented purpose of job search assistance.
Skill name: ai-job-hunter-pro
Analysis time: 53.2s
Engine: pi
Verdict: safe to install
Safe to use with standard precautions. Review that network scraping of job sites complies with your organization's acceptable use policies.

Security findings (2)

Severity | Finding | Category | Location
Low | Undocumented network scraping scope | Documentation deception | SKILL.md:1
  SKILL.md does not explicitly declare network access for web scraping. While scraping is the core feature, the declared permissions do not mention network:WRITE for HTTP requests to job platforms.
  Evidence: No explicit network permission declaration
  → Add 'network:READ' to allowed tools mapping in SKILL.md metadata
Low | Hardcoded placeholder IP address | Sensitive access | scripts/company_scraper.py:399
  A placeholder IP address (122.0.0.0) appears at line 399 of company_scraper.py. This is not a real C2 address but represents a minor code hygiene issue.
  Evidence: 122.0.0.0
  → Remove or replace placeholder IP with a proper configuration variable
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | SKILL.md declares profile reading; code reads ~/job_profile.json
Network access | READ | READ | ✓ Consistent | Core scraping functionality sends requests to job platforms
Command execution | WRITE | WRITE | ✓ Consistent | pip install in setup_rag.py:31-32; pdftotext/pandoc in rag_engine.py
Indicators: 28 findings (1 high)

Severity | Indicator | Value | Location
High | Hardcoded IP address | 122.0.0.0 | scripts/company_scraper.py:399
Medium | External URL | https://linkedin.com/in/yourprofile | assets/profile_template.json:6
Medium | External URL | https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js | dashboard.html:7
Medium | External URL | https://www.google.com/about/careers/applications/jobs/results/?location=Shanghai&location=Beijing&location=Hangzhou&q= | scripts/company_scraper.py:35
Medium | External URL | https://apply.careers.microsoft.com/careers?start=0&sort_by=timestamp&keyword= | scripts/company_scraper.py:46
Medium | External URL | https://www.amazon.jobs/en/search?base_query= | scripts/company_scraper.py:57
Medium | External URL | https://jobs.apple.com/zh-cn/search?search= | scripts/company_scraper.py:68
Medium | External URL | https://nvidia.wd5.myworkdayjobs.com/NVIDIAExternalCareerSite?q= | scripts/company_scraper.py:79
Medium | External URL | https://app.mokahr.com/social-recruitment/tesla/46129#/jobs?keyword= | scripts/company_scraper.py:90
Medium | External URL | https://jobs.booking.com/careers?query= | scripts/company_scraper.py:101
Medium | External URL | https://careers.shopee.cn/jobs?keyword= | scripts/company_scraper.py:112
Medium | External URL | https://jobs.bytedance.com/experienced/position?keywords= | scripts/company_scraper.py:125
Medium | External URL | https://talent-holding.alibaba.com/off-campus/position-list?lang=zh&keyword= | scripts/company_scraper.py:136
Medium | External URL | https://talent.taotian.com/off-campus/position-list?lang=zh&search= | scripts/company_scraper.py:147
Medium | External URL | https://careers.aliyun.com/off-campus/position-list?lang=zh&keyword= | scripts/company_scraper.py:158
Medium | External URL | https://careers.tencent.com/search.html?keyword= | scripts/company_scraper.py:169
Medium | External URL | https://app.mokahr.com/social-recruitment/high-flyer/140576#/jobs?keyword= | scripts/company_scraper.py:182
Medium | External URL | https://zhipu-ai.jobs.feishu.cn/index/?keywords= | scripts/company_scraper.py:193
Medium | External URL | https://vrfi1sk8a0.jobs.feishu.cn/index/?keywords= | scripts/company_scraper.py:204
Medium | External URL | https://app.mokahr.com/social-recruitment/step/94904#/jobs?keyword= | scripts/company_scraper.py:215
Medium | External URL | https://jobs.careers.microsoft.com/global/en/search?q= | scripts/company_scraper_V2.py:44
Medium | External URL | https://jobs.apple.com/en-us/search?search= | scripts/company_scraper_V2.py:64
Medium | External URL | https://jobs.bytedance.com/en/position?keywords= | scripts/company_scraper_V2.py:84
Medium | External URL | https://talent.alibaba.com/off-campus/position-list?lang=en&keyword= | scripts/company_scraper_V2.py:94
Medium | External URL | https://careers.tencent.com/en-us/search.html?keyword= | scripts/company_scraper_V2.py:104
Medium | External URL | https://www.linkedin.com/jobs/search/?keywords= | scripts/job_scraper.py:43
Medium | External URL | https://www.indeed.com/jobs?q= | scripts/job_scraper.py:156
Medium | External URL | https://www.indeed.com | scripts/job_scraper.py:211

Directory structure

13 files · 130.9 KB · 3409 lines
Python: 7 files, 2574 lines · HTML: 1 file, 448 lines · Markdown: 3 files, 311 lines · JSON: 1 file, 72 lines · Text: 1 file, 4 lines
├─ assets
│ └─ profile_template.json (JSON, 72 lines, 1.5 KB)
├─ references
│ └─ platform_notes.md (Markdown, 36 lines, 1.7 KB)
├─ scripts
│ ├─ apply_pipeline.py (Python, 406 lines, 18.3 KB)
│ ├─ company_scraper_V2.py (Python, 363 lines, 13.8 KB)
│ ├─ company_scraper.py (Python, 489 lines, 19.5 KB)
│ ├─ job_scraper.py (Python, 393 lines, 15.5 KB)
│ ├─ rag_engine.py (Python, 567 lines, 22.2 KB)
│ ├─ requirements.txt (Text, 4 lines, 84 B)
│ ├─ setup_rag.py (Python, 87 lines, 2.9 KB)
│ └─ tracker.py (Python, 269 lines, 9.8 KB)
├─ dashboard.html (HTML, 448 lines, 15.5 KB)
├─ README.md (Markdown, 152 lines, 6.4 KB)
└─ SKILL.md (Markdown, 123 lines, 3.6 KB)

Dependency analysis (4)

Package | Version | Source | Known vulnerabilities | Notes
chromadb | >=0.4.0 | pip | none listed | Version specified with minimum
sentence-transformers | >=2.2.0 | pip | none listed | Version specified with minimum
pdfplumber | >=0.10.0 | pip | none listed | Version specified with minimum
python-docx | >=0.8.11 | pip | none listed | Version specified with minimum

Security highlights

✓ All data stored locally in ~/.ai-job-hunter-pro/ directory
✓ No credential harvesting or API key exfiltration
✓ Dry-run mode enabled by default - applications not submitted without user confirmation
✓ Resume data never sent to external services (only to job platforms during application)
✓ subprocess usage is limited to legitimate CLI tools (pip, pdftotext, pandoc)
✓ No obfuscation, base64 execution, or anti-analysis techniques
✓ Dependencies mostly pinned with minimum versions specified
✓ No C2 communication or data exfiltration endpoints
✓ No access to ~/.ssh, ~/.aws, or other sensitive credential paths