Security audit

HunterAI: Auto-Apply & Win Upwork Jobs

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, local Upwork proposal workflow that keeps its own local logs, but users should treat its auto-apply language carefully and review every proposal before any real submission.

Install only if you want a local agent to generate Upwork-style proposals and maintain a persistent bid ledger and proposal vault. Review every generated proposal and job entry before submitting anything on a real Upwork account, and periodically inspect or delete the local log and vault if they contain sensitive business information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README explicitly instructs the agent to 'find and apply' to Upwork jobs and states that it will 'scan, filter, score, write, and log,' but it does not clearly warn the user that this performs account-affecting actions and stores persistent local records. For an automation skill operating on a third-party platform account, missing consent, review, and retention warnings can lead to unintended submissions, platform policy violations, and exposure of sensitive proposal/job-history data on disk.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The skill is explicitly designed to autonomously find and apply to jobs, and the trigger model uses natural-language phrases that can cause activation for a high-impact action with limited confirmation boundaries. In this context, ambiguous invocation is dangerous because it can lead to unintended proposal generation, bid submission, and downstream reputation or financial harm on a live freelancing platform.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The trigger phrases are broad and include short forms like "upwork apply" and "hunt upwork jobs," which are easily matched in ordinary conversation and can activate sensitive automation behavior. Because the skill’s purpose is to automate bidding workflows, underspecified activation increases the risk of accidental execution of actions that affect persistent records and potentially external accounts.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to append full application records and proposals to .upwork/APPLICATION_LOG.md immediately, but does not require any warning, preview, or consent for persistent workspace modification. This is dangerous because it can silently alter records, create inaccurate audit history, and store sensitive proposal content without the user's explicit approval.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill directs automatic updates to PROPOSAL_VAULT.md and APPLICATION_LOG.md, including promotion of hooks and status changes, without warning that these are persistent edits. In a system that treats these files as memory and source-of-truth, silent modification can corrupt operational data, reinforce bad automation decisions, and make later actions depend on unreviewed state changes.

VirusTotal

66 of 66 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.