Rentahuman

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real RentAHuman integration, but it gives agents broad financial, payment-card, credential, and real-world coordination powers that are not fully scoped in the top-level skill description.

Install only if you deliberately want an agent to coordinate paid real-world work through RentAHuman. Keep the API key unavailable until needed, require explicit user approval before posting bounties, messaging humans, hiring, releasing funds, using card or wallet tools, or linking accounts, and do not allow the agent to reveal, log, or reuse raw card details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium, 93% confidence
The documented API surface materially exceeds the skill's stated purpose of coordinating physical-world task hiring. It includes credential administration, prepaid card access, escrow funding, peer-to-peer transfers, wallet operations, Slack account linking, and agent self-registration, which create powerful financial and account-management capabilities that an agent could invoke outside the user's expected scope.

Context-Inappropriate Capability

High, 95% confidence
The API key management endpoints let the skill create and revoke credentials, which is not necessary for ordinary task coordination. If misused, an agent could rotate, create, or revoke keys and disrupt access or expand persistent access beyond the user's intent.

Context-Inappropriate Capability

Critical, 99% confidence
Exposing full prepaid card details, including card number, CVV, and expiry, gives the agent raw payment credentials rather than a constrained payment primitive. That enables unauthorized purchases, exfiltration of card data, and fraud well beyond the skill's stated purpose of arranging human work.

Context-Inappropriate Capability

High, 96% confidence
General-purpose transfer and wallet functions let the skill move money to arbitrary recipients outside the context of hiring a human for a specific task. This broadens the blast radius from task coordination to unrestricted fund movement, increasing the chance of fraud, social engineering, or unintended payments.

Context-Inappropriate Capability

Medium, 85% confidence
Slack account-linking and self-service registration introduce identity and onboarding operations unrelated to the advertised task-hiring function. These features can be abused to bind accounts, create new agent identities, or expand access paths without clear user expectation.

Vague Triggers

Medium, 83% confidence
The skill description uses very broad invocation language such as 'when the user needs something done in the physical world,' which can cause the agent to select this skill for a wide range of ordinary requests. Because this skill enables contacting and paying real humans for real-world tasks, over-triggering can lead to unnecessary external actions, privacy exposure, or unintended transactions.

Missing User Warnings

Medium, 93% confidence
The script generates and persists an Ed25519 private key to ~/.rentahuman-identities without any explicit user warning, consent prompt, or lifecycle guidance. Although the file and directory are created with restrictive permissions, silently storing durable authentication material on disk can surprise users, increase the blast radius of local compromise, and leave long-lived credentials behind on shared or managed systems.

VirusTotal

66/66 vendors flagged this skill as clean.
