Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Human-Rent
v0.1.1 · Human-as-a-Service for OpenClaw - Dispatch verified human agents to perform physical world tasks and sensory validation
⭐ 0 · 255 · 0 current · 0 all-time
by Justin Liu @zhenstaff
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill's name, description, required binaries (node/npm), and required environment variables (ZHENRENT_API_KEY, ZHENRENT_API_SECRET, ZHENRENT_BASE_URL) are coherent with a Node.js CLI that calls a third‑party 'ZhenRent' human‑dispatch API. However, registry metadata claims 'instruction-only / no install spec' while the package clearly contains a full CLI implementation (bin/ and lib/ JS files). Also the SKILL.md and many documentation files claim version v0.2.1 while the registry metadata lists v0.1.1 — this metadata mismatch is unexplained and suspicious.
Instruction Scope
SKILL.md and the other docs describe normal actions for a human‑dispatch service: prompting user confirmation before dispatch, sample dispatch/status/humans commands, HMAC signing, SSRF protection, and a clear do-not-use-for-illegal warning. The runtime instructions do not appear to request unrelated env vars or to exfiltrate unrelated files. That said, the skill enables real monetary charges and physical actions; the docs also expose an AUTO_CONFIRM flag that will bypass interactive consent if set — a potentially dangerous operational configuration if enabled unintentionally.
Install Mechanism
No external install spec (no downloads) is provided — the package is self-contained, which is lower risk. But the registry claims 'instruction-only' while code is included; the presence of many internal docs and a cleanup script that deletes files (including itself) is unusual packaging behavior. The cleanup script will remove files from the repository when run; this is not inherently malicious but is a destructive operation that should not be run without inspection.
Credentials
The required env vars are limited and appropriate for the claimed API integration (API key, secret, base URL). That level of access is proportionate to dispatching real-world workers. However, these credentials grant the ability to create paid tasks and/or access results; the user must treat them as sensitive (rotate keys, use least-privilege keys, do not enable auto-confirm in shared/automated agents).
Persistence & Privilege
The skill does not request always:true and does not declare unusual system privileges. Autonomous invocation is allowed (platform default). Because the skill can dispatch real humans and charge money, combining autonomous invocation with HUMAN_RENT_AUTO_CONFIRM or a compromised API secret could cause real monetary or physical-world consequences — the user should ensure confirmation behavior is enforced in their environment and avoid auto-confirm in untrusted agents.
What to consider before installing
This package appears to implement a legitimate Human-as-a-Service CLI, but there are red flags you should address before installing or supplying credentials:
1) Metadata mismatch: files claim v0.2.1 while registry lists v0.1.1 — ask the publisher which is authoritative and why versions differ.
2) Verify provenance: get the upstream repository or signed release (GitHub release, official vendor page) and confirm checksums against that source.
3) Inspect code (lib/api-client.js, lib/dispatch.js): confirm SSRF whitelist, HMAC signing, and that ZHENRENT_BASE_URL validation blocks private IPs as claimed.
4) Do NOT run cleanup-for-upload.sh or any provided removal script until you review what it will delete and you have a safe working copy.
5) Treat ZHENRENT_API_SECRET as highly sensitive: test the CLI in an isolated account with a least-privilege, low‑budget API key to avoid unexpected charges.
6) Avoid setting HUMAN_RENT_AUTO_CONFIRM=true in production or on agents that can act autonomously; require interactive confirmation or instrument explicit operator approval.
7) If you cannot verify the publisher or the code, run the package in an isolated sandbox/container and monitor network calls (to ensure endpoints are legitimate) before supplying production credentials.
Like a lobster shell, security has layers — review code before you run it.
latest: vk973fvxzk1991eq9704edzh6t18435an
Runtime requirements
Bins: node, npm
Env: ZHENRENT_API_KEY, ZHENRENT_API_SECRET, ZHENRENT_BASE_URL
Primary env: ZHENRENT_API_KEY
