ClawHub

Humanpages

v1.1.0

Search and hire real humans for tasks — photography, delivery, research, and more

0· 430·0 current·0 all-time
by@human-pages-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (find and hire humans) align with the declared requirements: HUMANPAGES_AGENT_KEY is the expected service credential and npx is needed to run the humanpages CLI/MCP server. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md describes API-like actions (search, register_agent, create_job_offer, payment flows, webhooks) and does not instruct the agent to read unrelated system files or secrets. It does instruct the user/agent to record webhook secrets and wallet addresses and to perform on-chain USDC transfers — these are functional for the described payment flow but require user caution.
Install Mechanism
This is instruction-only with no install spec; the small start script execs `npx -y humanpages`. Using npx is a normal way to run a CLI, but note that npx will fetch and execute code from the npm registry at runtime, so you should trust the package source or pin a version if you require stricter supply-chain controls.
Credentials
Only a single credential (HUMANPAGES_AGENT_KEY) is required and declared as the primaryEnv. That is proportionate to an API-backed agent. No other tokens, keys, or unrelated env vars are requested.
Persistence & Privilege
Skill is not forced-always, is user-invocable, and permits autonomous invocation (the platform default). It does not request system-wide config changes or access to other skills' credentials. No persistence beyond the usual webhook/agent key artifacts is indicated.
Assessment
This skill appears coherent, but consider these practical precautions before installing: - Treat HUMANPAGES_AGENT_KEY like a secret: use a dedicated API key you can revoke and avoid exposing it elsewhere. - npx will download and execute the humanpages package at runtime; if you need stronger supply-chain guarantees, pin a specific package version or run in a sandboxed environment. - Webhook URLs and the webhook secret are sensitive — store them securely and only provide webhook URLs you control. The skill notes webhook secrets cannot be retrieved later. - Payments go to on-chain wallet addresses supplied by human profiles. Verify identity and reputation before sending USDC; do test transfers or escrow if available. - If you need more assurance about the upstream package, verify the npm package ownership and repository (humanpages) and prefer versions with reproducible releases.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ptn9ns5xg69h1xrsbtdxc182mdqk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnpx
EnvHUMANPAGES_AGENT_KEY
Primary envHUMANPAGES_AGENT_KEY

Comments