Manus AI Agent
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: manus-ai Version: 1.0.1 The skill is classified as suspicious due to shell injection and path traversal vulnerabilities in `scripts/manus.sh`. Specifically, the `task_id` argument in several commands (e.g., `get`, `status`, `wait`, `files`, `download`) and the `output_dir` argument in the `download` command are directly interpolated into shell commands (`curl`, `mkdir`) without proper sanitization, allowing for arbitrary command execution. Additionally, the `output_dir` is not sanitized for path traversal, enabling files to be written to arbitrary locations. While `SKILL.md` correctly sets `disable-model-invocation: true` (mitigating autonomous agent exploitation) and the `create` command's prompt is properly sanitized with `jq -Rs .`, these direct shell vulnerabilities pose a significant risk if a malicious user invokes the skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Manus task may use Manus-side agent capabilities and account resources based on the prompt you submit.
The skill intentionally starts remote autonomous agent tasks. This is disclosed and purpose-aligned, but it is more consequential than a passive API lookup.
Create tasks for Manus, an autonomous AI agent, and retrieve completed work products.
Only create tasks deliberately, review prompts before sending them, and monitor Manus task activity or billing in your Manus account.
Anyone who can access this environment variable could use your Manus account through the API key.
The helper authenticates to Manus using an environment-supplied API key, which grants delegated access to create, list, inspect, and download tasks.
-H "API_KEY: $MANUS_API_KEY"
Store MANUS_API_KEY securely, use a dedicated or scoped key if Manus supports it, and rotate the key if it may have been exposed.
Sensitive content included in prompts or retrieved outputs may be handled by an external AI service.
Task prompts leave the local environment and are processed by the Manus provider; output files are also retrieved from Manus-provided URLs.
Sends task prompts to the Manus API at `api.manus.ai`
Avoid including secrets or confidential data unless you are comfortable sharing them with Manus, and treat downloaded files as untrusted until reviewed.
You have less external provenance to rely on beyond the reviewed bundled script.
The provided artifacts include the full helper script, but they do not identify a verified source repository or publisher provenance.
Source: unknown
Review the included script before first use and install only if you trust the registry entry and the Manus API endpoint.