Rent-A-Human-Agent + Bounty Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill fits its stated RentAHuman workflow, but it needs review because it can route broad hiring requests into paid/account-changing actions and third-party data sharing without clear confirmation boundaries.

Install only if you trust the publisher and are comfortable giving the skill RentAHuman and xAI access, plus Telegram access if enabled. Use explicit /rent commands, review every bounty post, message, acceptance, booking, and price before submission, and inspect or pin the external Telegram helper code before using the Telegram bot integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

MCP Least Privilege (Lp3)

Medium
Confidence
90% confidence
Finding
The skill advertises and instructs use of capabilities that access environment variables, read/write local files, and perform network operations, but it does not declare permissions up front. That weakens user and platform trust boundaries because the skill can handle API keys, write cache files, and send data externally without explicit capability disclosure.

MCP Tool Poisoning (Tp4)

Medium
Confidence
96% confidence
Finding
The documented behavior overstates what the skill does and omits materially relevant actions such as Telegram exfiltration of results and local caching. A user may authorize the skill expecting bounded RentAHuman delegation features, while the actual implementation introduces additional data flows and incomplete workflow support that can mislead consent and oversight.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill sends bounty titles, descriptions, pricing, location flags, and skills to x.ai for scoring, which is a third-party service outside the core RentAHuman platform. That creates a data-sharing boundary the user may not expect from a delegation skill and could expose sensitive or proprietary job details to an external model provider.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises optional Telegram notifications but does not clearly disclose that bounty details, rankings, and potentially location- or profile-derived information may be transmitted to Telegram, a third-party service. Users may enable the feature without understanding the data flow, creating avoidable privacy and compliance risk, especially because the skill ranks opportunities using location and skills data.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Broad trigger phrases like 'hire someone' or 'human assistant' can cause unintended activation in ordinary conversation, which is risky for a skill that can invoke external services and potentially send messages or process API-backed operations. Accidental activation increases the chance of unnecessary network requests, exposure of task details to third parties, or confusing autonomous behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The auto-activation rule applies whenever a user wants to hire a person, post a job, or delegate a task, which is too general for a skill with external integrations and messaging features. This broad activation condition can route sensitive user requests into a third-party workflow without a precise opt-in, increasing privacy and unintended-action risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Bounty descriptions are included in the outbound prompt to x.ai without an inline warning or consent checkpoint at the point of transmission. If postings contain personal contact details, confidential task information, or sensitive business context, this code silently forwards that content to a third party.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill can automatically forward scan results to Telegram, which is an external messaging platform, without a clear user-facing warning at the send site. Even if the content is derived from public postings, the generated digest may include rankings, IDs, and commentary that a user may not intend to transmit outside the local tool.

VirusTotal

66/66 vendors flagged this skill as clean.