AgentHire

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for testnet agent hiring, but it gives an agent wallet-spending authority and automatically releases escrow without enough user review controls.

Install only if you are comfortable with an agent spending from a dedicated Base Sepolia wallet and hiring third-party agents. Do not use a mainnet or personal wallet key, keep only minimal testnet funds in the generated wallet, review service prices and task text before hiring, and avoid putting secrets or private data in task descriptions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README instructs operators to configure a live private key and describes executing real on-chain actions such as hiring agents and swapping tokens, but it does not prominently warn that these commands can spend funds, trigger irreversible blockchain transactions, and expose users to loss if the hired agent behaves unexpectedly. In an agent-integrated context, this is more dangerous because users may treat the skill as a routine automation component and enable autonomous execution without understanding that the configured wallet can be used for real financial operations.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The tool description says hiring triggers automatic escrow payment and that successful jobs are auto-confirmed and auto-rated, but it does not present this as a high-risk, user-impacting action requiring explicit consent. In an agent setting, that can lead to autonomous spending and irreversible release of funds based on another agent's output without sufficient user awareness or verification.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The script automatically calls confirmComplete as soon as a provider marks a job as submitted, which releases escrowed funds without any explicit user review of the delivered result. In an agent-to-agent marketplace handling on-chain payments, this is especially dangerous because a malicious or low-quality provider can submit junk output and still get paid before the user has validated correctness.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script automatically submits a 5-star rating immediately after completion, regardless of service quality or user satisfaction. This can distort marketplace reputation signals and can be abused to inflate ratings for poor or malicious providers, reducing trust in the platform.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The setup script generates a blockchain private key and writes it to a local `.env` file automatically, without requiring explicit user confirmation before persisting a sensitive secret. Because this skill is designed to hold funds and pay other agents on-chain, compromise of the `.env` file would immediately expose wallet control and enable theft or unauthorized transactions.

Credential Access

Severity: High
Category: Privilege Escalation
Content:
console.log("\n⚠️  SAVE your private key! Lost = lost forever.");
console.log("   (It's also saved in .env)\n");

// 4. Write .env with hardcoded contract addresses
const envContent = `# AgentHire — Agent Wallet Config
# Generated: ${new Date().toISOString()}
Confidence: 94%
Finding: .env

VirusTotal

64/64 vendors flagged this skill as clean.
