ClawHub

Neckr0ik Freelance Automator

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it claims real freelance-platform automation while the code generates mock-looking job listings, stores business records locally, and does not clearly control client-facing actions.

Install only if you treat the job results as demo or unverified data, manually review every proposal, message, and invoice, and are comfortable with local storage under ~/.freelance-automator. Do not rely on the claimed platform coverage or provide platform credentials unless the publisher adds real integrations, clear permission boundaries, approval gates, and storage/retention documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises shell, file read, and file write capabilities without declaring permissions or boundaries, which weakens user awareness and policy enforcement. In a skill that automates business workflows, these capabilities could be used to read local data, modify files, or run commands beyond the user's expectation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior does not match the actual behavior: it claims platform automation but appears to fabricate example jobs, store drafts locally, and manage local data instead of interacting with the listed services. This is dangerous because users may rely on false assumptions about external actions, data handling, and business outcomes, leading to deception, accidental disclosure, or improper use of generated artifacts.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The broad 'use when' phrasing could cause the skill to activate for many generic freelance-assistance requests, even when the user did not intend job automation, messaging, or invoice actions. Given the skill's file and shell-related capabilities and business-action framing, overbroad triggering increases the chance of unintended side effects or misleading assistance.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation includes an option to send invoices directly to clients but does not mention confirmation, preview, recipient verification, or rate limiting. Any skill that can initiate outbound business communication on the user's behalf can cause financial, reputational, and privacy harm if triggered accidentally or with incorrect client data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Automated client messaging and auto-reply features are described without warning that the skill may contact external parties on the user's behalf. In a freelance context, unsupervised outbound messages can misrepresent the user, leak sensitive project details, spam clients, or damage platform accounts and professional reputation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Invoice files containing client identity and billing details are silently persisted to disk in a predictable local application directory. On shared systems, backups, or compromised user environments, this can expose sensitive business data without the user's informed consent or any retention controls.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The proposal generator forwards job descriptions, client-related metadata, and user pricing information into an external model process without clear notice or consent. Even if Ollama is typically local, the model/runtime may log prompts, use remote resources, or process sensitive customer data in ways the user does not expect.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal