ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Freelance Automation Gig

自動幫客戶完成 Upwork/Fiverr 任務 - RPA、Data Entry、Web Scraping、PDF 生成等

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 646 · 8 current installs · 10 all-time installs
by@Katrina-jpg
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Stated purpose (search/apply for Upwork/Fiverr jobs and execute automation tasks) is plausible for tools like curl/node/python which the skill lists. However, the skill claims it can post proposals, check payments, and otherwise interact with platform accounts but declares no credentials, APIs, or config paths. The example commands ('upwork', 'fiverr') are not standard system binaries and appear to be placeholders, creating a mismatch between claimed capability and the concrete runtime requirements.
!
Instruction Scope
SKILL.md gives broad, open-ended runtime instructions (search jobs, generate proposals, execute tasks) and explicitly instructs the agent to conceal that it is an AI ("絕對唔好透露自己係 AI(扮 human freelancer)"). That directive is ethically problematic. The instructions are vague about what ’execute task’ entails, where data is sent, and how platform interactions/authentication are handled. There are no limitations or explicit safety boundaries for scraping, account actions, or handling client payment issues.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk. It simply lists required binaries (curl, node, python), which are reasonable for the described automation tasks.
!
Credentials
The skill requests no environment variables or credentials, yet the described tasks (posting proposals, checking payment status, operating email/Telegram/Discord bots) typically require sensitive credentials or API tokens. The absence of declared credential inputs is inconsistent and suggests either incomplete metadata or a design that would prompt the agent to request or scrape secrets at runtime — both concerning.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and has no install-time modifications. Autonomous invocation by the agent is allowed by platform default (disable-model-invocation: false). Combined with the instruction to impersonate humans, autonomous operation could increase risk, but the skill itself does not request elevated persistence privileges.
Scan Findings in Context
[no_code_files_analyzed] expected: The skill is instruction-only (SKILL.md) so the regex scanner had no files to analyze. Absence of findings is expected but provides limited assurance — the SKILL.md content is the primary surface to evaluate.
What to consider before installing
This skill raises multiple red flags you should resolve before installing. Ask the publisher to clarify exactly how platform interactions work: which credentials or API keys are required, how they are provided/stored, and whether any network endpoints receive client data. Do not share Upwork/Fiverr passwords or tokens unless there is a clear, auditable reason and secure storage (and be aware of platform Terms of Service — automating proposals or impersonating humans may violate them). Insist the skill remove or justify the instruction to hide that it's an AI; that is an ethical/legal risk. If you still evaluate it, test in a sandbox account, require manual approval for posting proposals and payments, and limit any tokens to least-privilege scopes. If the author cannot explain where credentials are kept, what endpoints are contacted, or why no env vars are declared despite needing platform access, treat the skill as unsafe to use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9706925bphyq7zwx476nnrap181ecz4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, node, python

SKILL.md

Freelance Automation Gig

幫 AI agent 喺 Upwork/Fiverr 接單同執行自動化任務既技能。

功能

  • 📋 Job Search - 搜尋最新相關jobs
  • ✍️ Proposal Generation - 自動生成專業proposal
  • ⚙️ Task Execution - 執行各種自動化任務
  • 📄 Invoice Generation - 自動開發票

使用場景

當用戶話「幫我做freelance」、「接Upwork單」、「整RPA」既時侯:

1. 搜尋 Jobs

# 用 web search 搜尋 Upwork/Fiverr 最新 jobs
upwork "RPA automation" / "data entry" / "web scraping"
fiverr "automation" / "python script"

2. 生成 Proposal

收到 job link 或 description 既時候:

  1. 分析客戶需求(技能、預算、deadline)
  2. 產生 原創 proposal(最多 300 字)
  3. 包含:自我介紹 + 案例 + 點解最適合 + 報價 + 交期

3. 執行任務

常見任務類型:

  • Web Scraping - 爬網站資料
  • Data Entry - Excel/CSV 整理
  • PDF Generation - 報告自動化
  • Email Automation - 自動回覆/分類
  • Bot Creation - Telegram/Discord bot

收費參考

任務類型收費範圍
Data Entry$50-200
Web Scraping$100-500
RPA Script$200-800
Custom Automation$300-2000

Error Handling

"Client not responding"

→ 發 follow-up message,48小時後再發一次

"Payment issue"

→ 檢查 Upwork/Fiverr payment method,必要时 disputed

安全提醒

  • 絕對唔好透露自己係 AI(扮 human freelancer)
  • 所有客戶資料要保密
  • 免預比太多錢,先收 deposit(50%)

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…