ClawHub

Upwork Proposal Generator

v1.0.0

Automatically analyze Upwork job posts and create personalized, professional proposals including intro, past cases, pricing, and deadlines.

0· 758·2 current·3 all-time
by@katrina-jpg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (generate proposals from Upwork job posts) matches the SKILL.md instructions (analyze job text/link and produce a tailored proposal with intro, past cases, pricing, deadline). The skill requests no unrelated binaries, env vars, or config paths.
Instruction Scope
Runtime instructions are narrowly scoped to analyzing a job post (link or text) and producing a proposal up to 300 words with specified components. The SKILL.md does not instruct the agent to read unrelated files, environment variables, or system paths.
Install Mechanism
Registry metadata contains no install spec and the package is instruction-only, but SKILL.md includes a user-facing command 'npx clawhub@latest install upwork-proposal-generator'. That suggests running code fetched from the npm ecosystem (clawhub) which is not validated here. This is not inherently malicious but is an unverified external installer instruction and deserves caution.
Credentials
No environment variables, credentials, or config paths are required. The skill's needs are minimal and proportional to its stated functionality.
Persistence & Privilege
Flags show no forced always-on behavior and the skill does not request elevated persistence or system-wide config changes.
Assessment
This skill appears to do what it says (analyze a job post and write a proposal) and doesn't request credentials. Two cautions before installing/using: 1) SKILL.md suggests running an 'npx clawhub@latest ...' command — running npx will fetch and execute code from npm (verify the package and its publisher first). 2) If you paste private Upwork links or other sensitive content, the agent or any code it invokes could access that content; avoid sharing secrets. If you want higher assurance, ask the publisher/source of the skill for a verified install method or source code, or prefer installing only from known registry install specs.

Like a lobster shell, security has layers — review code before you run it.

latestvk979a005csdrat2fjjcam23y5181etnb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments