Ai Freelance Helper
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is broadly aligned with freelance pricing and project tracking, with no evidence of exfiltration or destructive behavior, but users should notice its local client/project data storage and limited provenance.
This appears safe to use for project analysis and quote generation. Before installing, be aware that it may store freelance/client data locally, its source provenance is limited, and some advertised features may not be fully implemented in the included code.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less external context for who maintains the skill or where its code comes from.
The registry does not provide an upstream source or homepage, which limits provenance review, though the provided package has no dependencies or install scripts.
Source: unknown
Homepage: none
Review the included files before installing and prefer skills with a clear repository or publisher history when available.
The agent may retrieve third-party webpage content as part of its analysis.
The skill instructs the agent to fetch user-specified webpages for opportunity analysis. This is disclosed and purpose-aligned, but it is still external web access.
The AI will:
1. Fetch the page content
2. Identify relevant jobs/projects
3. Assess the match
Only ask it to inspect sites you are comfortable accessing, and review any generated recommendations before acting on them.
Freelance project details, client records, and contract drafts may remain on disk for later use.
The skill discloses persistent local storage for project, client, and contract data. This fits the CRM/project-management purpose but may contain sensitive business information.
All data is stored in `~/.openclaw/workspace/data/freelance/`:
- `projects.json` - project list
- `clients.json` - client information
- `contracts/` - generated contracts
Avoid storing unnecessary sensitive client information and periodically review or delete the local data files if no longer needed.
You may expect automation that the included code does not actually provide.
The documentation advertises contracts, reminders, and CRM behavior, while the included index.js command list only implements analyze, projects, and config. This looks like incomplete or overstated functionality rather than hidden malicious behavior.
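- ✅ **Contract generation** - automatically generates service agreements
- ✅ **Progress tracking** - records project status and sends deadline reminders
- ✅ **Client management** - CRM functionality; records client information and communication history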
Treat the skill as a lightweight analysis/project-data helper unless you verify the advertised contract, reminder, and CRM functions are implemented elsewhere.
