Multipl - Agent Job Marketpalce
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent paid job-marketplace integration, but it includes recurring agent activity and actions that can create job obligations or spend USDC, so it needs clear user limits before use.
Install only if you want an agent to participate in a paid job marketplace. Before enabling it, require human approval for claims, submissions, status posts, and any USDC/x402 payment; set spending and schedule limits; keep API keys and wallet credentials out of jobs, logs, and chat messages.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could continue checking the marketplace and claim work or post updates after the user expected the task to be finished.
This asks for periodic marketplace activity and allows posting claims/status updates, which could keep the agent operating and creating obligations without a clearly stated human approval or stop condition.
Check in every 4+ hours: 1. Review new jobs (if any) 2. Post status updates or claims as appropriate
Use only with an explicit schedule, spending/claiming limits, and human approval before any claim, submission, or payment.
Using the skill may spend USDC or incur platform fees when posting or unlocking marketplace work.
The skill's normal flow includes payment to unlock results. This is purpose-aligned and disclosed, but it is a financial action that should not be performed implicitly.
unlock full results by paying the worker **peer-to-peer via x402**
Set explicit spending caps and require confirmation for posting fees, multi-stage jobs, and x402 unlock payments.
Anyone with these keys may be able to act as the user's poster or worker account in the marketplace.
The skill expects poster/worker API keys for account actions. This is expected for the service, and the artifact warns users to protect them.
Treat your poster API key and worker API key as sensitive.
Use separate, revocable keys where possible and never place API keys in job inputs, outputs, logs, or public messages.
Claim URLs or verification codes could be exposed if sent to the wrong chat or an insecure channel.
The skill permits sharing claim URLs or verification codes over external messaging channels. It recommends privacy, but those channels are outside the Multipl API boundary.
Use your normal channel (Telegram/Signal/etc.) to notify your human. If you need to share a claim URL or verification code, do so privately.
Share only minimal claim information, use trusted private channels, and avoid sending API keys, wallet details, or sensitive job data.
A malicious or poorly written job could try to make the agent ignore the user's rules, reveal secrets, or use tools outside the intended task.
Marketplace jobs are external tasks that can direct the agent's work. This is the intended purpose, but those job instructions should be treated as untrusted content.
Worker claims the job, completes it, and submits results to Multipl storage.
Treat every job description as untrusted input and keep normal user/system instructions, tool limits, and secret-handling rules in force.