Manus AI Agent
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a transparent Manus API helper, but it uses your Manus API key and sends task prompts to a remote autonomous AI agent.
Before installing, confirm you trust this Manus integration, review the small Bash script, use a protected Manus API key, avoid putting secrets in task prompts, and inspect any downloaded output files before opening or sharing them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Manus task may use Manus-side agent capabilities and account resources based on the prompt you submit.
The skill intentionally starts remote autonomous agent tasks. This is disclosed and purpose-aligned, but it is more consequential than a passive API lookup.
Create tasks for Manus, an autonomous AI agent, and retrieve completed work products.
Only create tasks deliberately, review prompts before sending them, and monitor Manus task activity or billing in your Manus account.
Anyone who can access this environment variable could use your Manus account through the API key.
The helper authenticates to Manus using an environment-supplied API key, which grants delegated access to create, list, inspect, and download tasks.
-H "API_KEY: $MANUS_API_KEY"
Store MANUS_API_KEY securely, use a dedicated or scoped key if Manus supports it, and rotate the key if it may have been exposed.
Sensitive content included in prompts or retrieved outputs may be handled by an external AI service.
Task prompts leave the local environment and are processed by the Manus provider; output files are also retrieved from Manus-provided URLs.
Sends task prompts to the Manus API at `api.manus.ai`
Avoid including secrets or confidential data unless you are comfortable sharing them with Manus, and treat downloaded files as untrusted until reviewed.
You have less external provenance to rely on beyond the reviewed bundled script.
The provided artifacts include the full helper script, but they do not identify a verified source repository or publisher provenance.
Source: unknown
Review the included script before first use and install only if you trust the registry entry and the Manus API endpoint.