rentahuman.ai
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: rent-a-human Version: 1.0.0 The OpenClaw AgentSkills bundle for RentAHuman.ai is classified as benign. The `scripts/rentahuman.mjs` script uses standard Node.js modules, securely manages agent identities in `~/.rentahuman-identities` with appropriate file permissions (0o700 for directory, 0o600 for files), and communicates exclusively with the `https://rentahuman.ai/api` endpoint via HTTPS. It requires an API key for write operations, which is handled via an environment variable. The `SKILL.md` documentation provides clear, functional instructions for the AI agent without any evidence of prompt injection attempts or directives for malicious behavior. There are no external dependencies, obfuscation, or attempts at data exfiltration, persistence, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an API key is available, a mistaken or overly broad agent invocation could create paid task postings or hire/reject applicants on the user's RentAHuman account.
The included CLI performs immediate authenticated POST/PATCH calls that create bounties and accept applications, i.e. real-world hiring actions, without an in-tool confirmation or spending/approval boundary.
async "create-bounty" ... await authPost("/bounties", body) ... async "accept-application" ... action: "accept" ... await authPatch(`/bounties/${params.bountyId}/applications/${params.applicationId}`, body)Require explicit user confirmation for every bounty, message, and application decision, including budget, location, number of workers, deadline, and any personal details; use a low-limit or scoped API key if the service supports one.
A card-enabled or payment-enabled API key could give the agent access to sensitive payment information or payment-release capabilities if those documented tools are used.
The bundled API reference indicates the RentAHuman API-key ecosystem can expose payment-card details and payment release operations, which is broader financial authority than the top-level quick-start disclosure of posting bounties and messaging.
`get_card_details` ... Returns: Card number, CVV, expiry, current balance. ... `release_payment` Release payment to the worker's bank account.
Do not provide a card/payment-enabled API key unless required; prefer least-privilege keys, remove or separate payment-card tools from this skill, and require explicit user approval before any payment or card-detail operation.
The agent identity can persist across sessions and remain on disk after the user finishes using the skill.
The script generates and stores a persistent local private key for agent identity. The permissions are restrictive and the behavior supports the stated identity-verification purpose, but it is still a persistent credential.
const IDENTITIES_DIR = path.join(os.homedir(), ".rentahuman-identities"); ... privateKey: privDer.toString("base64") ... fs.writeFileSync(..., { mode: 0o600 });Document this storage clearly in SKILL.md and provide a cleanup/reset instruction for users who want to remove the local identity.
Users may assume the full referenced MCP toolset was reviewed with this skill when only the local CLI script is present.
The reviewed package contains no MCP server or install spec for rentahuman-mcp, so this reference points to capabilities outside the included code and reviewed install path.
Complete reference for all 37 MCP tools available through the `rentahuman-mcp` server.
Either include and pin the referenced MCP component for review or clearly state that references/API.md describes an external/unreviewed integration.
A reviewer or agent could see a slightly different rendering in raw source if control characters are present.
Unicode control characters can affect how text is displayed or reviewed. The neutralized artifact does not show a hidden instruction, so this is a presentation-integrity note rather than proof of malicious intent.
Pre-scan injection signals: unicode-control-chars; neutralizer reported controlCharactersRemoved: 2
Remove unexplained Unicode control characters from SKILL.md and re-publish a clean copy.