Low Risk — Risk Score 18/100
post-job
Post free job ads to 20+ job boards such as LinkedIn, Indeed, Ziprecruiter via Fuku AI relay service
Legitimate job posting skill using a third-party relay service (Fuku AI) with documented network access and shell execution; no malicious behavior detected.
Skill Name: post-job
Duration: 39.1s
Engine: pi
Safe to install
Pin dependency versions in package.json for supply chain stability. Add actual credential validation in validateCredentials() so the empty function does not mislead callers. Otherwise safe for use.

Findings (4 items)

Severity  Finding                                  Location
--------  ---------------------------------------  ------------------------
Low       Empty validateCredentials() stub         scripts/post_job.js:72
          The validateCredentials() function is defined but contains no checks, always returning undefined. This creates a false sense of security.
          Evidence: function validateCredentials() {}
          → Either implement real validation or remove the function to avoid misleading callers.

Low       Unpinned dependency versions             package.json:9
          All npm dependencies use caret (^) version ranges, allowing minor/patch updates without review. pnpm-lock.yaml exists but is not enforced.
          Evidence: "axios": "^1.6.0", "dayjs": "^1.11.19", "fuse.js": "^7.0.0"
          → Pin to exact versions (e.g., "axios": "1.6.0") to prevent supply chain surprises.

Low       Mandatory sub-agent spawning directive   SKILL.md:128
          SKILL.md mandates spawning a monitoring sub-agent after job posting, with explicit prohibitions on treating it as optional. This is unusual persistence behavior but is fully documented.
          Evidence: After post_job returns, you MUST spawn a sub-agent to monitor LinkedIn sync. Do NOT skip this.
          → Document why persistent monitoring is necessary; ensure the runtime enforces this responsibly.

Info      Hardcoded API client tokens              scripts/post_job.js:57
          Embedded NUMBER and uid constants are visible in source code. These are anonymous free-tier identifiers, not user credentials, but expose the relay service's API structure.
          Evidence: const NUMBER = "job-Z4nV8cQ1LmT7XpR2bH9sJdK6WyEaF0"
          → Move to environment variables if the relay service supports it.

Resources

Resource    Declared  Inferred  Status     Evidence
----------  --------  --------  ---------  ------------------------------------------------------------------------------
Filesystem  READ      READ      ✓ Aligned  loadLocations.js:29 fs.readFileSync(locationsPath)
Network     READ      WRITE     ✓ Aligned  post_job.js:84-89,87 axios.post to hapi.fuku.ai (data exfiltration is declared i…
Shell       WRITE     WRITE     ✓ Aligned  SKILL.md documents node scripts/post_job.js as canonical execution; shell:WRITE …

9 findings (external URLs and email addresses)

Severity  Type          Value                                                        Location
--------  ------------  -----------------------------------------------------------  ------------------------------
Medium    External URL  https://hapi.fuku.ai                                         SKILL.md:66
Medium    External URL  https://www.linkedin.com/company/business-consulting-inter   SKILL.md:108
Medium    External URL  https://hapi.fuku.ai/hr/rc/anon/job/status/linkedin          scripts/monitor_linkedin.js:16
Medium    External URL  https://hapi.fuku.ai/hr/rc/anon/job/upload                   scripts/post_job.js:84
Medium    External URL  https://hapi.fuku.ai/hr/rc/anon/job/create                   scripts/post_job.js:85
Medium    External URL  https://hapi.fuku.ai/hr/rc/anon/job/sync/linkedin            scripts/post_job.js:86
Medium    External URL  https://app.fuku.ai/career/apply?id=$                        scripts/post_job.js:164
Info      Email         [email protected]                                            SKILL.md:289
Info      Email         [email protected]                                            scripts/post_job.js:266

File Tree

7 files · 58.4 KB · 2071 lines
JSON: 2 files · 955 lines | JavaScript: 3 files · 602 lines | Markdown: 1 file · 293 lines | YAML: 1 file · 221 lines

├─ assets/
│  └─ locations.json        JSON        939L · 23.9 KB
├─ scripts/
│  ├─ loadLocations.js      JavaScript   40L · 988 B
│  ├─ monitor_linkedin.js   JavaScript  159L · 4.4 KB
│  └─ post_job.js           JavaScript  403L · 11.2 KB
├─ package.json             JSON         16L · 356 B
├─ pnpm-lock.yaml           YAML        221L · 6.3 KB
└─ SKILL.md                 Markdown    293L · 11.2 KB

Dependencies (4 items)

Package  Version   Source  Known Vulns  Notes
-------  --------  ------  -----------  ---------------------------------------------------
axios    ^1.6.0    npm     No           Version not pinned; accepts 1.6.x-1.9.x
dayjs    ^1.11.19  npm     No           Version not pinned
dotenv   ^17.3.1   npm     No           Imported but not used in scripts; version not pinned
fuse.js  ^7.0.0    npm     No           Version not pinned

Security Positives

✓ Input sanitization present for job descriptions (prompt injection defense)
✓ JobId validation uses regex to prevent shell injection
✓ Channel sanitization in monitor script prevents log injection
✓ Internal API protection via Symbol token pattern
✓ SKILL.md fully documents external service usage and data transmitted
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No base64 decode+eval patterns, no curl|bash remote execution
✓ No credential harvesting or exfiltration beyond declared job posting data