Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Freelance Helper
v1.0.2智能分析项目需求,生成合理报价与合同,自动管理项目进度与客户,助力自由职业者高效接单。
⭐ 0· 52·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims a broad set of features (opportunity scraping, automated reminders, contract generation, CRM storage under ~/.openclaw/workspace/data/freelance/) in SKILL.md, but the bundled index.js implements only a local CLI analyzer, simple quotes/ recommendations, and basic local project/client JSON storage. Several advertised capabilities (web scraping, scheduled reminders, contract file creation) are not present in the code. This overclaiming is an incoherence between stated purpose and actual capability.
Instruction Scope
SKILL.md instructs editing a YAML config at ~/.openclaw/workspace/config/freelance-config.yaml and describes data stored under ~/.openclaw/workspace/data/freelance/ with projects.json/clients.json/contracts/, but index.js reads/writes a JSON config and uses different filenames (~/.openclaw/workspace/config/freelance-config.yaml as a JSON file, and ~/.openclaw/workspace/data/freelance-projects.json and freelance-clients.json). The README also describes network actions (scraping external sites) and scheduled reminders, yet the code contains no network or scheduling logic. Instructions therefore don't match runtime behavior and reference files/formats the code does not use.
Install Mechanism
There is no install spec and no external downloads; the package is instruction-only plus a small CLI script. No external dependencies or network installers are used, which is low-risk for install mechanism.
Credentials
The skill requests no environment variables or credentials. The code does reference HOME / USERPROFILE to locate files in the user's home directory, which is normal for a user-space tool and proportional to its local storage behavior.
Persistence & Privilege
The skill writes persistent files under the user's home (~/.openclaw/workspace/...), creating config and data files. This is expected for a project/CRM helper but could conflict with other tools using the same path; it does not request elevated privileges or modify system-wide settings, nor is always:true set.
What to consider before installing
This skill appears to overpromise features in its README that are not implemented in the included code. Before installing or using it, consider: 1) Inspect the repository and run the CLI locally (e.g., node index.js analyze "...") to confirm actual behavior. 2) Expect the tool to create and modify files under ~/.openclaw/workspace/ (config and JSON data); back up any existing .openclaw data first. 3) Do not rely on advertised networked features (web scraping, scheduled reminders, automatic contract file generation) unless the author provides updated code — they are not present in index.js. 4) If you need those advanced features, ask the author for clarification or a newer release; if you only need local quoting/analysis, the code is simple and local-only. 5) Prefer running/testing in an isolated environment or sandbox if you are unsure. If you want, request the author to fix the README vs code mismatches (YAML vs JSON config, file paths/names, advertised features).Like a lobster shell, security has layers — review code before you run it.
aivk973xax3zyd051h7bvykg029g583q92tchinesevk976hsdmr2zeqb84mtv9w8vqhh83qbjmfreelancevk976hsdmr2zeqb84mtv9w8vqhh83qbjmlatestvk976hsdmr2zeqb84mtv9w8vqhh83qbjmpricingvk973xax3zyd051h7bvykg029g583q92t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.