ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Manus AI Agent

v1.0.1

Create and manage AI agent tasks via Manus API. Manus is an autonomous AI agent that can browse the web, use tools, and deliver complete work products.

7· 3.6k·0 current·1 all-time
by@joelchance
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (create/manage Manus agent tasks) match the requested resources: curl and jq for HTTP/JSON work and a single MANUS_API_KEY. The script talks only to api.manus.ai and the flows (create, poll, list, download) align with an API client.
Instruction Scope
SKILL.md instructs use of the bundled scripts and explicitly documents behavior. The script only reads MANUS_API_KEY, calls the Manus API, polls status, and downloads files referenced in task outputs. It does not read other system files or environment variables, nor does it attempt to upload local files or modify system configuration.
Install Mechanism
Instruction-only skill with a small bundled bash script; no install spec and no external archive downloads. No high-risk install mechanisms observed.
Credentials
Only a single credential (MANUS_API_KEY) is required and used directly to authenticate requests to the Manus API. That is proportional to the client's functionality.
Persistence & Privilege
Skill is not always-on, and model invocation is disabled (agent cannot invoke autonomously). The skill does not attempt to change other skills or system-wide settings.
Assessment
This skill appears to do what it says: it sends prompts to api.manus.ai and downloads result files. Before use: (1) review the bundled scripts (already included) and confirm you are comfortable with the API endpoint and header usage, (2) consider using a Manus API key with minimal scope and rotate/revoke it if needed, (3) be cautious opening downloaded files (they come from URLs returned by the API and may be arbitrary content), and (4) if you need stronger guarantees, test with a non-production API key and check network logs to verify requests go only to Manus domains.

Like a lobster shell, security has layers — review code before you run it.

latestvk977w8h9gkarx2cr1mk34r2b2581gghf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binscurl, jq
EnvMANUS_API_KEY
Primary envMANUS_API_KEY

Comments