Skill v1.0.0
ClawScan security
Upwork Hunting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
- Reviewed: Feb 12, 2026, 8:24 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions reasonably describe an Upwork-job hunting workflow, but they reference local services, credentials, and file paths without declaring or requesting them — that mismatch is concerning and should be clarified before use.
- Guidance: What to check before installing:
  - Clarify where the skill will run and what it may access. The SKILL.md references ~/projects/n8n-workflows/, workspace/artifacts/, and a live n8n at localhost:5678 — confirm these paths/services exist and are intended to be read or contacted.
  - Ask the author to declare required credentials (Twilio, OpenAI/Ollama, Upwork API keys if used) and config paths in the skill metadata. Right now the skill assumes credentials are 'already configured' but does not request them explicitly.
  - If you allow autonomous invocation, restrict the agent's network and filesystem permissions (or run it in an isolated environment), because the skill instructs the agent to contact local services and third-party APIs.
  - Verify how the skill searches Upwork (web search vs. Upwork API). Scraping pages or automating bidding may violate Upwork terms; get that clarified.
  - Prefer a version of this skill that lists required env vars and config paths, and that includes explicit 'dry-run' / manual-approval steps before posting bids or sending messages (Twilio), to prevent accidental outbound actions. If you can't get those clarifications, treat the skill as untrusted and avoid giving it filesystem/network access or permission to submit bids/messages automatically.
Review Dimensions
- Purpose & Capability
  - note: The SKILL.md describes finding and bidding on Upwork jobs using an n8n template library and a local n8n instance, which is coherent with an 'Upwork Hunting' purpose. However, the skill claims capabilities (live n8n demos, Twilio integration, OpenAI/Ollama use, the template library at ~/projects/n8n-workflows/) that require local resources and credentials that are not declared in the skill metadata.
- Instruction Scope
  - concern: The runtime instructions explicitly reference local files/paths (~/projects/n8n-workflows/, workspace/artifacts/), a local service (localhost:5678), and configured third-party services (Twilio, OpenAI, Ollama). The skill does not declare or justify access to these paths or services, nor does it explain how it will authenticate to Upwork (scrape vs. API). The instructions therefore ask the agent to read local state and reach local/external endpoints without any declared boundaries.
- Install Mechanism
  - ok: This is an instruction-only skill with no install spec and no code files, so there is no installer risk. Nothing will be written to disk by an installer as part of skill installation.
- Credentials
  - concern: The skill presumes access to Twilio, OpenAI/Ollama, and a local n8n instance but declares no required environment variables or primary credential. That absence is disproportionate to the claimed capabilities: those integrations normally require API keys/credentials and/or local configuration paths.
- Persistence & Privilege
  - ok: The skill does not request always:true and has no install-time persistence. It can be invoked autonomously (platform default), which increases its practical reach — weigh that together with the other concerns (local services and undeclared credentials) before enabling autonomous use.
