Wrok Career Platform
Security checks across malware telemetry and agentic risk
Overview
The plugin appears aligned with Wrok, but it gives the agent broad Wrok account powers, including publishing, deleting, resetting data, and managing API keys.
Install only if you are comfortable giving the agent broad control over your Wrok account. Use a least-privilege or dedicated Wrok API key if possible, require manual approval for publishing/deleting/reset actions, and verify the publisher has removed any hardcoded test API key.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An accidental or over-eager agent action could delete a public Wrok profile page without an artifact-level safety check.
A destructive public-profile deletion tool has no required confirmation parameter and immediately calls the delete endpoint.
description: "Delete your public profile page. This cannot be undone.",
parameters: Type.Object({}),
...
const result = await client.del("/api/v1/profile-page");Require explicit user confirmation for destructive or public-facing actions, especially tools with empty parameter objects or irreversible effects.
A single mistaken tool call could remove large portions of the user's Wrok account data.
The documented tool list includes account-wide and bulk destructive operations, but the artifacts do not describe backup, rollback, or containment controls.
| **Resume** | ... `wrok_delete_all_resumes` | | **Account** | `wrok_reset_all_data` |
Disable these tools by default or add strong confirmations, clear previews of affected data, and recovery guidance before execution.
If an agent uses an untrusted or malformed ID, it may call a different Wrok endpoint than the tool description suggests.
User-controlled ID strings are interpolated directly into API paths; similar patterns appear in other tools. Without URL-encoding or ID validation, malformed values could target unintended Wrok API paths.
post_id: Str("The ID of the blog post to delete"),
...
const result = await client.del(`/api/v1/blog-posts/${params.post_id}`);Validate IDs/slugs and use encodeURIComponent for all path parameters before constructing API URLs.
New Wrok API keys may appear in chat/tool logs, and API-key revocation can affect other integrations.
The plugin can create account API keys and return the result to the agent transcript, which is expected for key management but sensitive.
description: "Create a new API key. The full key is shown only once -- save it securely.",
...
return textResult(`API key created: ${result.key_prefix ?? ""}...\n\n${fmt(result)}`);Only create or revoke keys when explicitly intended, rotate exposed keys, and avoid sharing agent transcripts that contain newly created credentials.
If the key is real, someone with access to the source could use or abuse that Wrok account/API access.
The static scan reports a hardcoded API key literal in integration test source; even if not used at runtime, shipping real credentials in source is unsafe.
apiKey = [REDACTED];
Remove hardcoded secrets, rotate the exposed key, and load test credentials from environment variables or a secret manager.
Past conversation content may include sensitive details or instructions that the agent could see and reuse.
The plugin can retrieve prior Wrok web-agent conversation history into the OpenClaw agent context.
description: "Get your current conversation with the Wrok web agent (message history)."
Review or clear Wrok conversation history before using the plugin for sensitive tasks.