Human-Rent
Security checks across malware telemetry and agentic risk
Overview
This skill is mostly clear about dispatching paid human workers, but its high-impact physical-world actions can be auto-confirmed and its documentation includes an unsafe shell-integration example.
Install only if you intend to let OpenClaw request paid real-world human tasks. Keep HUMAN_RENT_AUTO_CONFIRM off, review every dispatch, set clear budgets and task boundaries, protect the API key/secret, and do not copy the documented child_process.exec integration pattern without replacing it with safe argument-based process execution.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If auto-confirm is enabled, an agent could dispatch human workers and incur costs without a fresh user confirmation for each task.
Dispatching humans creates real-world actions and charges. The documented auto-confirm mode can remove the per-dispatch approval guardrail in automated or agent-driven contexts.
This skill ALWAYS requires explicit user confirmation... The user will be charged... For non-interactive use, set: export HUMAN_RENT_AUTO_CONFIRM=true # Use with caution
Keep auto-confirm disabled unless the environment has separate approval, budget caps, and monitoring. Require explicit user approval before every dispatch involving payment, physical visits, calls, or document handling.
A malicious or malformed user request could cause unintended local shell commands to run in an application that follows this example.
The integration example builds a shell command from the task instruction and location, then passes it to child_process.exec. If those values contain shell metacharacters, copied code could allow command injection.
const cmd = `human-rent dispatch "${instruction}" ${options.location ? `--location="${options.location}"` : ''}`; ... exec(cmd, ...)
Use child_process.spawn or execFile with an argument array, validate inputs, and avoid interpolating user/model text into shell commands.
Anyone or any process with these environment variables may be able to use the ZhenRent account according to the key permissions.
The skill needs provider credentials to authenticate dispatch/status API calls. This is expected for the stated service, but it grants access to a paid external account.
requires: env: - ZHENRENT_API_KEY - ZHENRENT_API_SECRET - ZHENRENT_BASE_URL
Use a dedicated low-scope API key if available, rotate it regularly, and avoid exposing these variables to unrelated tools or agents.
Private addresses, contact details, images, or document contents may be shared with ZhenRent and assigned workers as part of normal operation.
The core workflow sends task instructions, locations, and potentially photos, call details, or document scans through an external service to human workers.
AI Agent → Human-Rent Skill → Human Worker → Physical Task → Verified Result → AI Agent
Only send information necessary for the task, avoid sensitive documents unless required, and confirm the provider's privacy, consent, and worker-vetting policies before use.
Users may be unsure which version they are installing or whether the documentation matches the code actually installed.
The artifacts show inconsistent versioning across registry metadata and documentation, which makes provenance and release state harder to verify.
Registry metadata: Version: 0.1.1 ... SKILL.md front matter: version: 0.2.1 ... INSTALLATION.md: Human-Rent v0.2.0
Align registry metadata, SKILL.md, package files, and installation documentation to a single version before distribution.
