Win More Clients with AI Proposals (Freelancer & Agency Tool)

Security checks across malware telemetry and agentic risk

Overview

This is a text-only freelance proposal generator with a privacy caution around pasted client/job details, but its behavior is disclosed and aligned with its purpose.

Before using this skill, redact names, email addresses, phone numbers, private client messages, platform account links, credentials, contract terms, and confidential business details that are not needed for proposal drafting. Also verify that any generated claims about results, availability, team size, scarcity, or pricing are truthful before sending them to a client.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README explicitly instructs users to paste a full Upwork listing or client email, which can include personal data, confidential business details, contact information, or proprietary requirements. Because this skill is designed for external client acquisition workflows, normalizing wholesale submission of client communications to an AI system increases the risk of privacy breaches and unintended disclosure of sensitive third-party data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal