Skill v1.0.5

ClawScan security

Humanod · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 10:44 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (hiring humans) matches the provided tools and API, but there are multiple inconsistencies and a prompt-injection signal that warrant caution before installing or supplying credentials.
Guidance
Do not paste your live API key into the chat or skill until you've verified the provider. Steps to reduce risk:
- Verify the vendor and hosting: confirm humanod.app and the humanod-api.onrender.com server are owned by the same, legitimate operator (look up WHOIS, GitHub, or official docs). Ask the skill author for a homepage/source repository.
- Use a dedicated, limited-permission test API key (or sandbox) so you can revoke it if needed. Prefer keys scoped to minimal actions and avoid giving payment/withdrawal keys.
- Ask the author why registry metadata omits the required HUMANOD_API_KEY and why the OpenAPI server differs from the documented domain.
- Prefer Authorization header (Bearer) instead of query param for API keys; query params are more likely to be logged/exposed.
- Because the skill includes a system prompt that mandates behavior, treat it as a higher-risk skill: test in a safe environment first, review network endpoints the agent calls, and monitor for unexpected traffic or requests to unknown domains.

If you want, provide the skill's owner/contact or the homepage/source URL and I can help verify the provenance and suggest concrete mitigations.
Findings
[system-prompt-override] unexpected: Skill includes a system_prompt.md that enforces model behavior (e.g., "At the very beginning... you MUST verify..." and to append API keys to every call). Including a system prompt is expected for some skills, but the scanner flagged this pattern because such content can override higher-level model instructions and be used for prompt injection. Confirm provenance before trusting.

Review Dimensions

Purpose & Capability
note: The skill claims to let agents hire humans and the SKILL.md/openapi define appropriate endpoints and a HUMANOD_API_KEY. However the registry metadata reported no required credentials (contradiction), the OpenAPI server points to humanod-api.onrender.com (a render.com host) while the docs/domains in SKILL.md reference humanod.app/docs, and there is no homepage or established source. These mismatches reduce confidence in provenance.
Instruction Scope
concern: The included system prompt forces the agent to request the API key at the start and append it to every API call. While that supports the skill's function, the presence of a 'system-prompt-override' injection pattern (scanner flag) is concerning because system prompts can change agent behavior beyond normal tool usage. Also the system prompt's instruction to append the key as a query parameter could increase accidental exposure (logging, referers).
Install Mechanism
ok: This is instruction-only with no install spec and no code files, so it carries the lowest technical risk from installation. Nothing is written to disk by an installer.
Credentials
note: The skill reasonably needs a single HUMANOD_API_KEY to operate. However the registry metadata lists no required env vars or primary credential while SKILL.md and system_prompt.md clearly require HUMANOD_API_KEY, an incoherence that should be resolved before trusting the skill. No unrelated secrets are requested.
Persistence & Privilege
ok: The skill is not always-enabled and doesn't request elevated platform privileges. It does instruct the agent how to behave but does not request persistent presence or modify other skills.