Security audit

Freelancer Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent freelancer time-tracking skill that stores sensitive client and billing data locally, with disclosed invoice and export workflows.

Install only if you are comfortable keeping client contact and financial records under ~/.freelancer-toolkit on the machine running OpenClaw. Use disk encryption and account-level access controls, review invoice drafts before approving InvoiceGen Pro handoff, and periodically clean up exported CSV/Markdown/JSON reports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The README presents very broad natural-language examples such as logging work by simply stating what was done, without defining clear activation boundaries or requiring an explicit command prefix. In an always-listening or broadly routed agent environment, ordinary conversation could be misinterpreted as a command, causing unintended time entries, client data updates, or invoice preparation actions.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README describes storage of clients, projects, rates, payment terms, and time entries in local JSON files, but does not clearly warn users that this is sensitive business data. Users may enable the skill on shared machines, synced home directories, or agents with broad filesystem access without understanding the confidentiality and privacy implications, increasing the risk of inadvertent exposure.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The setup flow asks for client/company name, hourly rate, email, payment terms, and notes, while also stating settings can be changed later in a local file, which implies persistence. Requesting and storing business contact and billing data without a clear warning about what is stored, where it is stored, and how sensitive fields should be handled creates a privacy and data-handling risk.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The prompt states that invoice data flows directly to InvoiceGen Pro for PDF generation, but it provides no privacy, trust-boundary, or data-sharing warning. Because invoice data commonly includes client identities, billing amounts, and payment terms, silent transfer to another tool can expose sensitive business information without informed user consent.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The skill relies on broad conversational triggers rather than tightly scoped commands, so ordinary phrases like discussing past work could unintentionally create, modify, or stop time-tracking actions. In an always-on agent environment, this can lead to accidental state changes, incorrect billing records, or unintended disclosure in downstream workflows.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill stores sensitive business data locally, including client identities, contact details, billing rates, notes, payment history, and work descriptions, but does not prominently warn users about this persistence. Users may provide confidential client information without understanding it will be written to disk, increasing privacy, compliance, and local data exposure risks.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The InvoiceGen Pro integration transfers client contact and billing data to another skill, but the description does not clearly warn users that cross-skill sharing occurs. This creates a confidentiality risk because users may assume data stays within the current skill when in fact it is exported or handed off elsewhere.

Missing User Warnings

Medium

Confidence: 74% confidence
Finding: The script writes a markdown report containing sensitive client billing details, contact data, rates, hours, and financial balances to disk automatically in a predictable export directory without explicit user confirmation or any file permission hardening. In a freelancer context this increases the chance of unintended persistence, local disclosure to other users/processes, backup/sync leakage, or accidental sharing of sensitive client information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.