rentahuman.ai

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

RentAHuman mostly matches its purpose, but it gives an agent live authority to post paid real-world tasks, message or hire people, and references broader payment-card capabilities, so users should review it carefully before granting an API key.

Install only if you are comfortable letting an agent interact with real people through RentAHuman. Keep RENTAHUMAN_API_KEY unset until needed, use the least-privileged or lowest-limit key available, manually confirm every bounty/message/hire/payment detail, avoid unnecessary private addresses or identifiers in prompts, and remove ~/.rentahuman-identities if you want to reset the local agent identity.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an API key is available, a mistaken or overly broad agent invocation could create paid task postings or hire/reject applicants on the user's RentAHuman account.

Why it was flagged

The included CLI performs immediate authenticated POST/PATCH calls that create bounties and accept applications, i.e. real-world hiring actions, without an in-tool confirmation or spending/approval boundary.

Skill content

async "create-bounty" ... await authPost("/bounties", body) ... async "accept-application" ... action: "accept" ... await authPatch(`/bounties/${params.bountyId}/applications/${params.applicationId}`, body)

Recommendation

Require explicit user confirmation for every bounty, message, and application decision, including budget, location, number of workers, deadline, and any personal details; use a low-limit or scoped API key if the service supports one.

Concern · Medium Confidence

ASI03: Identity and Privilege Abuse

What this means

A card-enabled or payment-enabled API key could give the agent access to sensitive payment information or payment-release capabilities if those documented tools are used.

Why it was flagged

The bundled API reference indicates the RentAHuman API-key ecosystem can expose payment-card details and payment release operations, which is broader financial authority than the top-level quick-start disclosure of posting bounties and messaging.

Skill content

`get_card_details` ... Returns: Card number, CVV, expiry, current balance. ... `release_payment` Release payment to the worker's bank account.

Recommendation

Do not provide a card/payment-enabled API key unless required; prefer least-privilege keys, remove or separate payment-card tools from this skill, and require explicit user approval before any payment or card-detail operation.

What this means

The agent identity can persist across sessions and remain on disk after the user finishes using the skill.

Why it was flagged

The script generates and stores a persistent local private key for agent identity. The permissions are restrictive and the behavior supports the stated identity-verification purpose, but it is still a persistent credential.

Skill content

const IDENTITIES_DIR = path.join(os.homedir(), ".rentahuman-identities"); ... privateKey: privDer.toString("base64") ... fs.writeFileSync(..., { mode: 0o600 });

Recommendation

Document this storage clearly in SKILL.md and provide a cleanup/reset instruction for users who want to remove the local identity.

What this means

Users may assume the full referenced MCP toolset was reviewed with this skill when only the local CLI script is present.

Why it was flagged

The reviewed package contains no MCP server or install spec for rentahuman-mcp, so this reference points to capabilities outside the included code and reviewed install path.

Skill content

Complete reference for all 37 MCP tools available through the `rentahuman-mcp` server.

Recommendation

Either include and pin the referenced MCP component for review or clearly state that references/API.md describes an external/unreviewed integration.

What this means

A reviewer or agent could see a slightly different rendering in raw source if control characters are present.

Why it was flagged

Unicode control characters can affect how text is displayed or reviewed. The neutralized artifact does not show a hidden instruction, so this is a presentation-integrity note rather than proof of malicious intent.

Skill content

Pre-scan injection signals: unicode-control-chars; neutralizer reported controlCharactersRemoved: 2

Recommendation

Remove unexplained Unicode control characters from SKILL.md and re-publish a clean copy.