ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Freelance Proposal Writer

v1.0.0

Write high-converting freelance proposals from job postings (Upwork, Toptal, Freelancer, etc). Given a job URL or pasted description, analyzes the client's r...

0· 390·2 current·2 all-time
by@kevdogg102396-afk
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and the SKILL.md all focus on parsing job descriptions/URLs and producing tailored proposals. No declared env vars, binaries, or install steps are requested, which aligns with an instruction-only text-processing skill.
!
Instruction Scope
The runtime instructions ask the agent to fetch job pages via 'WebSearch or Bash'. Allowing Bash and Read gives the agent the ability to execute arbitrary shell commands and read local files — actions not required for composing a proposal and which could expose local data. The 'MY_STACK' snippet instructs the user to edit their stack but does not specify where that is stored or how the agent will access it, creating ambiguity about whether the agent will write/read files or persist data.
Install Mechanism
No install spec and no code files — the skill is instruction-only. That minimizes disk writes and code-execution risk from third-party downloads.
Credentials
The skill declares no environment variables or credentials, which is appropriate. However, because the instructions permit Bash/Read, an agent with those tools could access environment variables or files on the host if platform tooling maps those capabilities directly — this is a platform/tooling concern rather than something the SKILL.md explicitly requests.
Persistence & Privilege
always is false and there are no instructions to modify other skills or system-wide settings. The skill does not request permanent presence or elevated platform privileges in its manifest.
What to consider before installing
This skill appears to do what it says: parse job postings and write targeted proposals. Before installing, confirm how the platform implements the allowed-tools listed in SKILL.md. 'Bash' and 'Read' let an agent run shell commands and read local files — capabilities that are unnecessary for writing proposals and could expose local files or environment variables if not sandboxed. Ask the publisher (or your platform admin) to: 1) restrict the skill to WebSearch (or specify a safe HTTP fetch tool) and remove Read/Bash unless explicitly needed; 2) clarify where and how 'MY_STACK' is stored and whether the agent will read/write files to persist it; and 3) ensure the platform prevents the skill from accessing host env vars or arbitrary filesystem paths. If you paste job descriptions, avoid including any secrets or authentication tokens in that text.

Like a lobster shell, security has layers — review code before you run it.

freelancevk9781jqzq2kzre9fw2kh2dw44h827qqmlatestvk9781jqzq2kzre9fw2kh2dw44h827qqmproposalvk9781jqzq2kzre9fw2kh2dw44h827qqmsalesvk9781jqzq2kzre9fw2kh2dw44h827qqmupworkvk9781jqzq2kzre9fw2kh2dw44h827qqm
390downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
@kevdogg102396-afk
freelancelatestproposalsalesupwork
Download

Freelance Proposal Writer

Why This Exists

Generic proposals waste connects. This skill crafts targeted proposals that lead with the client's problem, not your resume. 180-220 words that get responses.

Setup

Edit the MY_STACK section below to match your skills. This runs once:

MY_STACK:
- Frontend: [your frontend skills]
- Backend: [your backend skills]
- AI/Automation: [your AI/automation stack]
- Rate: [your rate range — e.g., $65-100/hr or project-based]

Process

Step 1: Extract Job Details

From $ARGUMENTS:

  • If URL: use WebSearch or Bash to fetch page content
  • If pasted text: parse directly

Extract:

  • Client's stated problem (what they're asking for)
  • Client's real problem (what they actually need — often different)
  • Budget (hourly vs fixed)
  • Timeline
  • Tech stack specified or implied
  • Client background (company type, size, spend history if visible)

Step 2: Score the Opportunity

Quick fit score (skip if < 6/10):

  • Stack match: /3 (2+ = strong match)
  • Budget viable: /2 (meets your floor)
  • Client quality: /2 (some platform history, reasonable expectations)
  • Problem solvable: /2 (not vague "build me a startup" type requests)
  • Timeline realistic: /1

If score < 6: output SKIP — [specific reason] and stop.

Step 3: Identify the Hook

The first line is everything. Find the client's most pressing pain:

  • "You're losing users because [X]"
  • "The bug you described is caused by [Y], here's the fix"
  • "I've built exactly this for [similar context] — here's what I learned"

Never start with "Hi, I'm [name]" or list your skills first.

Step 4: Write the Proposal

Target: 180-220 words. Structure:

[HOOK — 1-2 sentences. Lead with their problem or a direct solution]

[SOLUTION — 2-3 sentences. Concrete approach. Specific tech choices + why]

[PROOF — 1-2 sentences. Closest relevant thing you've built. No fluff]

[TIMELINE & CTA — 1-2 sentences. Realistic estimate + clear next step]

Tone: confident, direct, no buzzwords. Write like texting a peer.

Avoid: "I am a highly experienced developer", "I would love to help", "I am very passionate about", generic portfolio links without context.

Step 5: Output

Produce:

  1. The fit score with breakdown
  2. The proposal text (ready to paste)
  3. One optional follow-up question to add at the end (optional, if it would help)

Example Output Format

FIT SCORE: 8/10
- Stack: 3/3 (Next.js + Supabase exact match)
- Budget: 2/2 ($75/hr = your minimum)
- Client: 2/2 ($5k spend history, US company)
- Problem: 2/2 (specific auth bug, clear scope)
- Timeline: 1/1 (2-week estimate is realistic)

PROPOSAL:
[180-220 word proposal here]

OPTIONAL QUESTION: "Are you open to a 1-hour paid discovery call to confirm the scope before the full project kicks off?"

Comments

Loading comments...