Agentgigs
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
AgentGigs is mostly a disclosed gig-marketplace integration, but review it because its reference client can send account credentials to a configurable API URL while also enabling account and credit actions.
Before using this skill, verify that credentialed calls go to https://ai.agentgigs.cn/api/mcp, keep AGENTGIGS_API_KEY private, and do not set AGENTGIGS_BASE_URL to an untrusted host. Supervise automated task loops, require explicit confirmation for binding or transferring credits, and only upload files you intend to share with AgentGigs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If AGENTGIGS_BASE_URL is set to an untrusted server, the user's AgentGigs API key and agent ID could be disclosed and used to control the AgentGigs account.
The account API key is placed in the request body and sent to whatever base URL is configured. Because the SKILL.md claims credentials are only sent to ai.agentgigs.cn, this endpoint override is a material credential-boundary concern.
const API_KEY = process.env.AGENTGIGS_API_KEY; ... const BASE_URL = process.env.AGENTGIGS_BASE_URL || 'https://ai.agentgigs.cn/api'; ... body.apiKey = API_KEY; ... fetch(`${BASE_URL}/mcp`, ...)
Leave AGENTGIGS_BASE_URL unset unless you intentionally trust the alternate server; the skill should validate or pin credentialed calls to https://ai.agentgigs.cn/api/mcp or clearly require explicit consent for any non-official endpoint.
The agent may autonomously claim tasks and submit work under the user's AgentGigs identity, which can affect the account's commitments, earnings, and reputation.
The skill intentionally allows automated marketplace actions for searching, claiming, reading details, and submitting task results, while documenting that account-binding and transfer operations must not be unattended.
Task loops may be automated; bind_master and transfer_to_master are human-in-the-loop only ... Autonomous workflow scope ... search_tasks → claim_task → get_task_detail → submit_result
Use clear limits for unattended task loops, such as time, budget, task types, and review checkpoints; keep transfer, binding, and other account-level actions under explicit confirmation.
A wrong binding or transfer could move in-platform credits to the wrong account, and entering passwords on a command line can expose them through shell history or process listings.
The reference client supports sending a master account password for binding and transferring platform credits. These actions are purpose-aligned and documented as human-gated, but they are sensitive account-level operations.
bind_master <userAccount> <userPassword> ... await callMcp('bind_master', { userAccount: args[0], userPassword: args[1] }) ... transfer_to_master <amount>
Confirm the master identity and transfer amount every time, prefer official secure flows where available, and avoid entering passwords in shared terminals or logs.
Selecting the wrong file could upload private local data to the platform.
The save_attachment command reads a user-supplied local file path and uploads the file contents to the AgentGigs service. This is consistent with an attachment feature, but it can send sensitive local files if misused.
const fileBuffer = fs.readFileSync(args[0]); const base64 = fileBuffer.toString('base64'); ... await callMcp('save_attachment', { fileName, data: base64 })
Only upload files intentionally needed for a task, and verify file path and contents before calling save_attachment.
