ClawHub

Upwork Freelancer Operations

v1.0.0

Income and pipeline management for Upwork freelancers. Proposal drafting, job scanning, client follow-up sequences, contract tracking, invoice reminders, and...

0· 32·0 current·0 all-time
by@joshbuildswithdoit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with SKILL.md tasks (job scanning, proposal drafting, client follow-ups, income tracking). The inputs the skill asks for (profile URL, rates, active contracts, client names) are reasonable and proportional to the described functionality.
Instruction Scope
Instructions are instruction-only and stay within scope (summarize job postings, draft proposals, track earnings). They assume the user supplies job URLs or posting text; this implies the agent may fetch or read web pages if it has network access. The skill does not ask the agent to read unrelated system files or credentials.
Install Mechanism
No install spec and no code files — nothing is written to disk or fetched during an install step, which reduces the surface for hidden code execution.
Credentials
The skill requests no environment variables or API credentials (proportionate). However it expects personal/client data (profile URL, contract details, client names); users should avoid pasting passwords, tokens, or other sensitive credentials into the agent prompts.
Persistence & Privilege
always:false and no install mean the skill does not request persistent presence. Autonomous invocation is allowed by default on the platform but this skill does not request elevated persistence or cross-skill config changes.
Assessment
This skill appears coherent and low-risk because it is instruction-only and asks for no credentials or installs. Before using it: (1) do not paste Upwork login credentials, API keys, or client passwords into the agent — only share the profile URL, non-sensitive contract summaries, rates, and anonymized client identifiers; (2) if you want automated job scanning, be aware the agent may fetch provided URLs — confirm your agent runtime has safe network policies and data handling rules; (3) the skill's source is unknown: prefer skills from identifiable publishers or test with non-sensitive data first; (4) ask the agent where any gathered data is stored or logged and avoid sharing sensitive client PII until you verify storage/retention policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dytbw6rdc5f084x94e61xrn84zywq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments