upwork-apply
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File

The codebase is designed to automate scraping Upwork jobs, generate proposals via an external LLM, and store results in Google Sheets. The strongest security concerns are data leakage and misconfiguration: scraped job and client data are forwarded to third parties (Apify and Anthropic) and persisted locally and in Google Sheets without documented redaction, retention, or least-privilege credential guidance. There is also an operational/legal risk from scraping Upwork that should be addressed. There is no clear evidence of intentional malware or obfuscated backdoors in the provided manifest.

Recommendations: implement data minimization/redaction before external API calls, document and require least-privilege credentials and safe Google Sheets authentication (OAuth/service account with limited scope), add explicit retention and secure deletion of temporary files, respect Upwork ToS/robots.txt, and add guidance for endpoint verification and rate-limiting.