AskHuman

Security checks across malware telemetry and agentic risk

Overview

AskHuman’s core purpose is legitimate and disclosed, but it should go through Review because it combines third-party human review of submitted content with broad local read/network command authority and unsafe API-key handling examples.

Install only if you are comfortable sending task text and any attached context to AskHuman and external human reviewers. Do not submit secrets, credentials, regulated personal data, or proprietary material unless your organization permits it. Prefer a version that narrows tool permissions, avoids API keys in URLs, and asks for explicit confirmation before transmitting sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly describes sending prompts to an external API and real human workers, but it does not clearly warn that user or workflow content will leave the local environment and be viewed by third parties. In an agent skill context, users may pass sensitive prompts, documents, screenshots, or internal decisions to the command, creating a real confidentiality and privacy risk if they are unaware of this data flow.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation says the skill will auto-authenticate or auto-register if no API key is set, but it does not warn that first use may create or use an external account and transmit metadata or user context to a remote service. That omission can mislead users into invoking a networked third-party integration they did not knowingly authorize.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The SSE example places the API key in the query string (`/v1/events?apiKey=...`). Query strings are commonly captured in browser history, shell history, analytics, proxy and reverse-proxy logs, and server access logs, making accidental credential exposure more likely than with header-based auth. In this skill, the key authenticates agent actions, so leakage could let an attacker observe task events or potentially act as the agent if the same key is broadly accepted.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly sends user-supplied prompts to an external API and routes them to human workers, but it does not prominently warn users that potentially sensitive content will leave the local environment and be reviewed by third parties. This creates a real privacy and data-handling risk because an agent may forward confidential prompts, screenshots, moderation content, or internal materials to humans without informed consent.

External Transmission

Medium
Category
Data Exfiltration
Content
Open a persistent connection to receive real-time events. No external server needed — just listen.

```bash
curl -N "https://askhuman-api.onrender.com/v1/events?apiKey=askhuman_sk_..."
```

Events you'll receive:
Confidence
94% confidence
Finding
curl -N "https://askhuman-api.onrender.com/v1/events?apiKey=askhuman_sk_..." ``` Events you'll receive: - `task.assigned` — a worker accepted your task - `task.submitted` — the worker submitted an a

External Transmission

Medium
Category
Data Exfiltration
Content
author: askhuman
  version: "1.0.0"
  homepage: https://askhuman.guru/developers
allowed-tools: Bash(curl *) Bash(node *) Read
---

# AskHuman — Human Judgment as a Service
Confidence
95% confidence
Finding
curl *) Bash(node *) Read --- # AskHuman — Human Judgment as a Service Ask real humans for subjective decisions during your agentic workflow. Create a task, a human worker answers it, and you get th

VirusTotal

64/64 vendors flagged this skill as clean.
