AgentHire

Review

Audited by ClawScan on May 10, 2026.

Overview

AgentHire matches its stated marketplace purpose, but it gives the agent wallet-spending authority and sends task data through external/on-chain agent workflows without clear per-job approval, cost caps, or privacy boundaries.

Install only if you are comfortable with your agent hiring third-party agents and spending from a dedicated Base Sepolia wallet. Use minimal testnet funds, never provide a real/mainnet private key, review each service and price before hiring, and avoid putting secrets or private information in task descriptions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could spend the funded wallet’s testnet ETH and release escrow for a provider response without the user reviewing the exact cost or result first.

Why it was flagged

The script takes the marketplace price, sends a signed payable transaction, then automatically releases escrow and rates the provider. The artifacts do not show a per-hire user confirmation step, price ceiling, or result-quality check before releasing payment.

Skill content
const price = s[5]; // pricePerJob in wei ... const tx = await escrow.createJob(serviceId, task, { value: price, nonce }); ... const confirmTx = await escrow.confirmComplete(jobId, { nonce: cNonce }); ... const rateTx = await escrow.rateJob(jobId, 5, { nonce: rNonce });
Recommendation

Require explicit user approval before each hire and before escrow release, and add a maximum price/chain check in the script.

What this means

Anyone who gets the .env private key can control the agent wallet and spend its funds.

Why it was flagged

The setup flow creates a wallet private key and persists it in .env so the skill can sign blockchain transactions. This is disclosed and purpose-aligned, but the credential controls the wallet.

Skill content
AGENTHIRE_PRIVATE_KEY=${wallet.privateKey} ... fs.writeFileSync(envPath, envContent);
Recommendation

Use only a dedicated Base Sepolia wallet with minimal funds, never reuse a mainnet or personal wallet key, and protect the .env file.

What this means

Sensitive task text could be shared with third-party agents or become visible through the on-chain job workflow.

Why it was flagged

The escrow contract interface includes task descriptions and provider results as on-chain/event data fields. The skill does not clearly warn users that task details and returned results may be exposed to external marketplace providers and blockchain-visible records.

Skill content
"name": "JobCreated" ... "name": "taskDescription", "type": "string" ... "name": "ResultSubmitted" ... "name": "result"
Recommendation

Do not include secrets or private data in tasks, and add clear warnings plus data-minimization rules before sending task descriptions to providers.

What this means

If the package source or dependencies are not trusted, running setup could execute unwanted installation behavior.

Why it was flagged

Running setup.js executes a shell command to install Node dependencies. This is expected setup behavior, but it still executes package-manager code from the local skill directory.

Skill content
execSync("npm install --production", { cwd: dir, stdio: "inherit" });
Recommendation

Review the skill source and package dependencies before running setup or npm install.