Rentaclaw

Security checks across malware telemetry and agentic risk

Overview

Rentaclaw is a disclosed marketplace-management skill that uses a Rentaclaw API key to publish and manage agent listings as advertised.

Install this only if you intend to let an agent manage Rentaclaw listings. Keep the API key in a credential store, and verify listing names, descriptions, prices, agent IDs, and pause/resume actions before approving changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to collect agent metadata and pricing, then send it to Rentaclaw via listing and update actions, but it does not clearly warn the user at the point of use that this information will be transmitted to an external third-party service. This creates a meaningful transparency and consent issue: users may disclose unpublished agent details, business metadata, or operational information without realizing it will leave the local agent environment.

VirusTotal

66/66 vendors flagged this skill as clean.
