rentahuman.ai

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent as a tool for hiring people, but it is marked Review because its documentation reaches into real-world hiring, account-credential management, and payment-card and escrow actions without enough scoping or confirmation guidance.

Install only if you want an agent to interact with RentAHuman on your behalf. Do not provide RENTAHUMAN_API_KEY until it is actually needed, require a human's final approval for every bounty, message, hiring decision, card, escrow or payment action, and keep the API key and any payment-card data out of chat logs and shared workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The API reference exposes financial primitives far beyond simple human-task coordination, including prepaid card access, escrow funding, and payment release. Expanding a skill into payments and card operations materially increases the blast radius of misuse, enabling monetary loss and access to regulated financial data not implied by the stated skill description.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
Documenting a tool that returns full prepaid card details, including card number and CVV, creates direct access to highly sensitive payment credentials. If an agent, prompt injection, logs, or downstream integration mishandles this output, the card can be immediately abused for unauthorized transactions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
Allowing the skill to create and revoke API keys introduces account-credential lifecycle management that is not necessary for the advertised task-coordination purpose. These functions can be abused to establish persistence, expand access, or disrupt the account by revoking valid credentials.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The skill description is broad enough to trigger on many generic requests for "real-world help", routing ordinary user asks into a capability that contacts and coordinates third parties for physical-world actions. Over-broad invocation raises the chance of unnecessary escalation from informational assistance to real-world tasking, including errands, meetings, pickups and other safety-sensitive activities.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation presents card number and CVV retrieval as a routine operation without emphasizing that the output is extremely sensitive regulated payment data. In agentic contexts, lack of warnings increases the chance that operators expose the data in prompts, logs, or message threads, leading to credential compromise.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The API key creation flow returns a raw secret and does so without prominent secure-handling guidance, increasing the chance the key is copied into logs, chats, or agent memory. Exposed API keys can grant persistent unauthorized access and are particularly risky in autonomous-tooling environments.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
Releasing escrow payment transfers funds to a worker's bank account, and the documentation omits a warning that this may be irreversible or difficult to recover. In an agent context, insufficient emphasis on finality raises the likelihood of accidental or manipulated fund release.
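The install guidance in the overview (hold the API key until it is needed, human approval for every financial action, keep card data and keys out of logs) and the findings on raw card details, raw API keys, credential lifecycle tools and irreversible escrow release all come down to one enforcement point between the model and the API. The following is an added example of such a guardrail, not code from RentAHuman, SkillSpector or this page: the tool names, response shapes, the `rh_live_` key prefix and the approval flow are assumptions, and the backend is a constructed stand-in.

```python
"""Guardrail layer between an agent and a hiring/payments API.

Added example for this review, not code from RentAHuman or SkillSpector.
Tool names, response shapes, key prefix and approval flow are hypothetical.
"""
import hashlib
import json
import re

# Hypothetical tool names, tiered by the scrutiny the findings call for.
READ_ONLY = {"search_humans", "get_bounty", "list_messages"}
NEEDS_HUMAN_APPROVAL = {"post_bounty", "send_message", "hire_human",
                        "fund_escrow", "release_escrow", "get_card_details"}
# Credential lifecycle is not needed for task coordination: deny outright.
DENIED = {"create_api_key", "revoke_api_key"}

# Response fields whose values must never reach chat logs or agent memory.
SECRET_FIELDS = {"card_number", "cvv", "api_key", "secret"}
# Assumed key format (not documented on the page): rh_live_<alnum>.
KEY_RE = re.compile(r"\brh_(?:live|test)_[A-Za-z0-9]{16,}\b")
# 13-19 digits with optional single spaces/dashes; confirmed by Luhn below.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


class ToolDenied(Exception):
    pass


class ApprovalRequired(Exception):
    pass


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so not every long number in free text gets masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_pan(match):
    digits = re.sub(r"\D", "", match.group(0))
    return "****" + digits[-4:] if luhn_ok(digits) else match.group(0)


def redact(value):
    """Recursively scrub secrets from anything forwarded to the model or logs."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SECRET_FIELDS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return PAN_RE.sub(_mask_pan, KEY_RE.sub("[REDACTED-KEY]", value))
    return value


def action_digest(tool: str, args: dict) -> str:
    """Bind an approval to the exact tool and arguments the human saw."""
    canonical = json.dumps([tool, args], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class Guard:
    def __init__(self):
        self.approved = set()  # digests a human approved, each usable once
        self.audit = []        # redacted record of every call

    def human_approve(self, tool: str, args: dict) -> str:
        """Called from the human-facing UI, never by the model."""
        digest = action_digest(tool, args)
        self.approved.add(digest)
        return digest

    def call(self, tool: str, args: dict, backend):
        if tool in DENIED or tool not in READ_ONLY | NEEDS_HUMAN_APPROVAL:
            raise ToolDenied(tool)          # unknown tools are denied too
        if tool in NEEDS_HUMAN_APPROVAL:
            digest = action_digest(tool, args)
            if digest not in self.approved:
                raise ApprovalRequired(tool)
            self.approved.discard(digest)   # one-shot: no replaying an approval
        safe = redact(backend(tool, args))  # the raw response is never retained
        self.audit.append({"tool": tool, "args": redact(args), "result": safe})
        return safe

    def attempt(self, tool: str, args: dict, backend):
        """Same as call(), but reports a status instead of raising."""
        try:
            return "ok", self.call(tool, args, backend)
        except ToolDenied:
            return "denied", None
        except ApprovalRequired:
            return "approval_required", None


def fake_backend(tool: str, args: dict):
    """Constructed stand-in for the real API; these shapes are invented."""
    return {
        "search_humans": {"results": [{"id": "h_1", "rate_usd": 40}]},
        "get_card_details": {"card_number": "4111 1111 1111 1111",
                             "cvv": "123", "exp": "12/29"},
        "release_escrow": {"status": "released",
                           "amount_usd": args.get("amount_usd")},
        "list_messages": {"messages": [{"from": "h_1", "text":
            "pay with 4111 1111 1111 1111, key rh_live_abcdef0123456789abcdef"}]},
    }[tool]


if __name__ == "__main__":
    g = Guard()
    escrow = {"bounty_id": "b_1", "amount_usd": 50}
    print(g.attempt("release_escrow", escrow, fake_backend))   # approval_required
    g.human_approve("release_escrow", escrow)
    print(g.attempt("release_escrow", escrow, fake_backend))   # ok, once
    print(g.attempt("list_messages", {}, fake_backend))        # PAN and key masked
```

Three design points matter here. The approval is a digest of the exact tool and arguments, consumed on use, so a prompt-injected change of amount or recipient after the human clicked approve, or a replay of an earlier approval, falls back to approval_required. The model only ever receives the redacted view, which for get_card_details means it sees no PAN or CVV at all; if a human needs the card, deliver it through a channel outside the agent rather than through its context. The Luhn filter is a precision tradeoff: it keeps order numbers and similar IDs readable, but a non-card number that happens to pass Luhn will still be masked, which is the safer failure.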

VirusTotal

65 of 65 vendors reported this skill as clean (no detections). A clean antivirus result speaks only to malicious code; it does not address the agentic risks above, which concern the capabilities the skill documents.
