Upwork Automation Using Ai

Security checks across malware telemetry and agentic risk

Overview

This skill automates Upwork job searching and proposal drafting, with sensitive login handling disclosed and proposal submission blocked unless the user explicitly approves it.

Install only if you are comfortable letting the agent operate an active Upwork browser session. Prefer logging in manually when possible, review all selected jobs and filled proposal fields, and only say "submit now" after verifying the final proposal yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This markdown file describes automating Upwork login, including filling email and password, which involves sensitive credential handling. Although it says credentials are user-provided for the run and not persisted, it does not provide an explicit user-facing warning about the sensitivity and privacy implications of entering credentials into the automation workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal