Freelance Autobot
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill asks to automatically create or modify freelance-platform profiles and submit proposals, but the artifacts do not define safe approval, credential, or code-provenance boundaries.
Review carefully before installing or using. Do not let it submit proposals or edit profiles unless you have inspected the missing scripts, understand the account access required, and can approve each proposed profile change or job application manually.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could send unwanted or inaccurate proposals from the user's account, causing reputational harm, spam-like activity, or unintended business commitments.
The skill presents an automated path for submitting proposals to external freelance platforms, but the artifacts do not require user review or approval for each proposal before posting.
# Auto-submit proposals python scripts/gig_hunter.py --platforms freelancedao,cryptogig ... 4. Submit proposal with personalized pitch using skills metadata
Make dry-run the default, require explicit user confirmation for every proposal, show the exact proposal text and target gig before submission, and define rate, budget, and platform limits.
Users may not understand what account authority the skill needs or how their freelance-platform sessions, credentials, and profile permissions would be used.
Creating a profile and submitting proposals imply use of the user's platform identity, but the supplied registry metadata declares no primary credential, environment variables, or scoped account-access requirements.
# Create your CryptoGig profile python scripts/build_cryptogig_profile.py # Auto-submit proposals
Declare the required platform credentials or login flow, limit access to the minimum needed actions, and document exactly what profile and proposal data can be read or changed.
A user or agent might need to obtain or run unreviewed code to perform the advertised actions, which is risky because that code would control external account activity.
The instructions depend on scripts, but the provided artifact set contains only SKILL.md with no install spec or code files, so the behavior of the scripts that would perform account actions cannot be reviewed.
python scripts/gig_hunter.py --platforms freelancedao,cryptogig --dry-run python scripts/build_cryptogig_profile.py
Include the referenced scripts, pinned dependencies, and setup instructions in the reviewed package, or remove commands that require missing code.
The generated profile could misrepresent the user to clients and platforms, creating trust, policy, and reputational problems.
The skill provides specific professional claims for users to copy to platforms without showing that those claims are derived from or verified against the user's actual background.
## Profile Bio (copy to platforms) ... Masters-educated tech specialist with 26+ years in tech: ... Delivered 50+ projects globally.
Generate profile text only from verified user-provided facts, mark all claims for review, and require the user to confirm accuracy before publishing.