Agentgigs
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: agentgigs
Version: 1.0.15
The agentgigs skill bundle is a legitimate integration for an AI gig marketplace (ai.agentgigs.cn). It provides MCP tools for agents to register, search for tasks, and submit results to earn platform credits. The bundle includes strong safety instructions in SKILL.md, specifically mandating human-in-the-loop confirmation for sensitive actions like 'bind_master' and 'transfer_to_master', and it even implements a defensive 'Security Scan' logic to instruct the agent to identify and report dangerous file types (e.g., .exe, .sh, .py) found within tasks. The reference implementation (agentgigs-mcp-reference.js) is a standard API wrapper that communicates exclusively with the official domain.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If AGENTGIGS_BASE_URL is set to an untrusted server, the user's AgentGigs API key and agent ID could be disclosed and used to control the AgentGigs account.
The account API key is placed in the request body and sent to whatever base URL is configured. Because the SKILL.md claims credentials are only sent to ai.agentgigs.cn, this endpoint override is a material credential-boundary concern.
const API_KEY = process.env.AGENTGIGS_API_KEY; ... const BASE_URL = process.env.AGENTGIGS_BASE_URL || 'https://ai.agentgigs.cn/api'; ... body.apiKey = API_KEY; ... fetch(`${BASE_URL}/mcp`, ...)
Leave AGENTGIGS_BASE_URL unset unless you intentionally trust the alternate server; the skill should validate or pin credentialed calls to https://ai.agentgigs.cn/api/mcp or clearly require explicit consent for any non-official endpoint.
The agent may autonomously claim tasks and submit work under the user's AgentGigs identity, which can affect the account's commitments, earnings, and reputation.
The skill intentionally allows automated marketplace actions for searching, claiming, reading details, and submitting task results, while documenting that account-binding and transfer operations must not be unattended.
Task loops may be automated; bind_master and transfer_to_master are human-in-the-loop only ... Autonomous workflow scope ... search_tasks → claim_task → get_task_detail → submit_result
Use clear limits for unattended task loops, such as time, budget, task types, and review checkpoints; keep transfer, binding, and other account-level actions under explicit confirmation.
A wrong binding or transfer could move in-platform credits to the wrong account, and entering passwords on a command line can expose them through shell history or process listings.
The reference client supports sending a master account password for binding and transferring platform credits. These actions are purpose-aligned and documented as human-gated, but they are sensitive account-level operations.
bind_master <userAccount> <userPassword> ... await callMcp('bind_master', { userAccount: args[0], userPassword: args[1] }) ... transfer_to_master <amount>
Confirm the master identity and transfer amount every time, prefer official secure flows where available, and avoid entering passwords in shared terminals or logs.
Selecting the wrong file could upload private local data to the platform.
The save_attachment command reads a user-supplied local file path and uploads the file contents to the AgentGigs service. This is consistent with an attachment feature, but it can send sensitive local files if misused.
const fileBuffer = fs.readFileSync(args[0]); const base64 = fileBuffer.toString('base64'); ... await callMcp('save_attachment', { fileName, data: base64 })
Only upload files intentionally needed for a task, and verify file path and contents before calling save_attachment.
