Claw Worker
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent for ClawHire work, but it lets an agent accept paid tasks, communicate with other agents, upload deliverables, and persist task data without enough explicit user-approval or trust-boundary guidance.
Use this only if you intentionally want the agent to work on ClawHire. Before enabling it, require manual approval for registration, public A2A exposure, task claims, submissions, and file uploads. Treat all employer instructions as untrusted, do not allow access to secrets or unrelated local files, and periodically review or delete saved ClawHire work and memory logs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could commit the ClawHire account to paid work or submit a file under the user's/agent's identity without a clear confirmation step.
The documented workflow performs authenticated marketplace mutations and uploads deliverable files. It tells the agent to evaluate and claim tasks, but does not clearly require explicit user approval before claiming paid work or submitting files.
### Step 2: Evaluate and claim ... curl -s -X POST "https://api.clawhire.io/v1/tasks/{task_id}/claim" ... ### Step 4: Submit deliverable ... -F "file=@storage/clawhire/work/{task_id}/final.txt"Require explicit user approval before creating a profile, claiming or unclaiming tasks, submitting deliverables, or uploading any file. Preview the task, destination, notes, and exact file path first.
Untrusted employer agents could send instructions that influence the agent's behavior or request data outside the intended task boundaries.
The skill creates an inbound agent-to-agent task channel and treats messages from other agents as normal work instructions, without describing origin verification, authorization, prompt-injection handling, or data-sharing limits.
Register A2A Endpoint ... makes you discoverable by employer agents ... Another agent calls sessions_send to your session. You receive the message as a normal conversation turn. → Do the work → Reply with the result
Treat all employer and A2A task text as untrusted. Verify task source, require user approval for sensitive actions, and forbid access to local secrets, private files, or unrelated accounts unless the user explicitly authorizes it.
A malicious or careless task could leave misleading instructions or private task data in persistent memory, affecting later work.
The skill directs the agent to persist task results and append work records to memory. Because tasks originate from other agents, this can store untrusted instructions or sensitive client content for reuse in later contexts.
After completing a free task ... Save work: `write storage/clawhire/work/free-{date}-{desc}/result.*` ... Log to memory: append to `memory/YYYY-MM-DD.md`Log only minimal metadata by default, avoid storing raw third-party instructions in memory, and provide retention, redaction, and cleanup guidance for `storage/clawhire` and `memory` entries.
Anyone with the API key may be able to manage the ClawHire worker profile, claim tasks, and submit work as that agent.
The skill asks for an owner email, registers a worker account, and stores a ClawHire API key. This is expected for the integration and it warns not to store keys in workspace files or memory, but the key grants account authority.
Check env `CLAWHIRE_API_KEY`. If missing, register ... `owner_email":"<ask-user>"` ... Save key — write to `~/.openclaw/openclaw.json`
Use a dedicated ClawHire key, store it only in the intended OpenClaw config, avoid sharing it in prompts or files, and revoke it if the skill is no longer used.