Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Freelancer Bidder

v1.0.0

Scan Freelancer.com for new projects matching your skills, draft personalized bid proposals, and track bidding history. Use when you want to find freelance j...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for onlyloveher/freelancer-bidder-zhouli.

Install the skill "Freelancer Bidder" (onlyloveher/freelancer-bidder-zhouli) from ClawHub.
Skill page: https://clawhub.ai/onlyloveher/freelancer-bidder-zhouli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install freelancer-bidder-zhouli

ClawHub CLI

npx clawhub@latest install freelancer-bidder-zhouli

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill says it will search Freelancer.com and submit bids, but it declares no required credentials, API keys, or binaries. Submitting bids or using Freelancer's API normally requires account authentication; the absence of any declared auth or guidance is inconsistent. Additionally, metadata files disagree on owner/version/homepage, which weakens provenance.
! Instruction Scope
SKILL.md instructs the agent to 'Fetch matching active projects via Freelancer API / web search' and to 'Submit and log it' but gives no concrete, scoped steps for authentication, rate limits, or what 'submit' means (API call vs browser automation). It also instructs maintaining and updating a bids.md file in the workspace (writing data locally), which is reasonable for tracking but combined with unspecified external submission is vague and could lead to unintended actions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing is written to disk by an installer, which is low-risk for installation mechanics.
! Credentials
No environment variables or credentials are declared, yet the skill's functionality (especially submitting bids) would reasonably require Freelancer account credentials or an API key. The absence of any declared auth is disproportionate to the claimed capability and creates ambiguity about how authentication or posting would be handled.
Persistence & Privilege
The skill does not request permanent/injected presence (always: false) and does not declare modifications to other skills or system-wide settings. Writing a bids.md in the workspace is normal for a task-tracking feature, but it should be done only with user consent.
What to consider before installing

  • Provenance: metadata inside the package (ownerId and version) doesn't match the registry listing, and the skill claims no homepage in the registry despite skill.yaml containing a homepage. This mismatch reduces trust. Ask the publisher to confirm identity and provide a reputable homepage or repo.
  • Authentication: the skill claims it will 'fetch' and 'submit' bids on Freelancer.com but declares no required API key or account credentials. Do not provide your Freelancer account credentials unless you fully trust the skill's author and understand exactly how credentials are stored and used. Prefer read-only use (searching) until authentication/submission flows are clearly documented.
  • Submission behavior: clarify whether the agent will actually post bids on your behalf or only draft proposals for you to manually submit. If automatic submission is supported, require explicit, per-action consent and logging.
  • Test safely: if you try it, use a throwaway Freelancer account first and monitor what files the agent writes (bids.md).
  • What would change the assessment: clear, consistent metadata; explicit declaration of required credentials (e.g., FREELANCER_API_KEY or instructions saying 'you must connect your Freelancer account via OAuth'); and detailed, auditable submission steps (API endpoints, scopes, and where credentials are stored) would make the skill coherent and could move the verdict toward benign.

latest vk970w96z1n5ek68g0svf4ybjhx83pnd1
89 downloads
0 stars
1 versions
Updated 1mo ago
v1.0.0
MIT-0

Freelancer Bidder

Automatically scan Freelancer.com for matching projects and draft personalized bid proposals.

Capabilities

  • Search active projects by keywords/skills
  • Filter by budget, project type (fixed/hourly), and recency
  • Draft personalized, professional bid proposals
  • Track bid history and win rates
  • Suggest optimal bid price based on project budget

How to Use

Tell the agent:

  • Your skills (e.g., "Python, data scraping, translation")
  • Budget range preference
  • Tone of proposals (professional / friendly / concise)

Search Projects

Find Freelancer projects for: [your skills]
Budget: $[min]-$[max]
Posted within: last [N] hours

The agent will:

  1. Fetch matching active projects via Freelancer API / web search
  2. Rank by relevance and budget
  3. Present top 5–10 opportunities

Draft a Bid

Draft a bid for project: [project title / URL]
My background: [brief intro]
Tone: professional

The agent will generate a winning proposal including:

  • Personalized opening (addresses client's specific need)
  • Your relevant experience
  • Clear delivery timeline
  • Call to action

Track History

Maintain a bids.md log in your workspace:

| Date | Project | Budget | Status |
|------|---------|--------|--------|

Tips for Winning Bids

  1. Respond fast — first 5 bidders get 60% more views
  2. Be specific — reference the client's exact problem
  3. Keep it short — under 150 words for fixed-price jobs
  4. Show, don't tell — link to similar past work
  5. Ask one question — shows genuine interest

Workflow Example

User: Find Python scraping jobs under $200 posted today
Agent: [returns 8 matching projects with details]

User: Draft bid for project #3
Agent: [generates personalized 120-word proposal]

User: Submit and log it
Agent: [updates bids.md with entry]
