Hire humans for physical-world tasks via RentAHuman.ai. Search available humans by skill, post bounties, start conversations, and coordinate real-world work....
Security Analysis
medium confidenceThe skill mostly matches its stated purpose (searching, posting bounties, messaging) but has several inconsistencies and omissions — including undocumented local key storage, references to pairing APIs not implemented in the included CLI, and a detected prompt-injection pattern — so proceed with caution and verify details before installing.
Name/description (marketplace for hiring humans) aligns with the code and API calls: search, create bounties, start conversations, accept/reject applications. Required binary (node) and primaryEnv (RENTAHUMAN_API_KEY) are appropriate. However, SKILL.md and the API reference mention pairing endpoints and many MCP tools (e.g., get_pairing_code, check_pairing_status, get_agent_identity) that are not implemented in the provided scripts — a documentation/implementation mismatch.
SKILL.md instructs agents to call pairing functions and suggests an automated pairing workflow, but the provided CLI (scripts/rentahuman.mjs) does not implement get_pairing_code/check_pairing_status. The script will create and store Ed25519 keypairs and identity files under ~/.rentahuman-identities (private keys stored in base64 DER with file mode 0600) — this persistent secret storage is not documented in SKILL.md. The SKILL.md also contained a detected 'unicode-control-chars' prompt-injection signal, which may indicate embedded control characters intended to manipulate downstream processing or evaluation.
No install spec; the skill is instruction-plus-a-script. It requires node on PATH and the included Node.js script is executed directly. There are no remote downloads or archived extracts in the install process, which reduces installation risk.
Only the primary credential RENTAHUMAN_API_KEY is required for write operations. This is proportionate to the stated functionality (posting bounties, messaging). The script does not request unrelated environment variables. However, the script persistently stores agent private keys on disk, which increases the sensitivity of any environment where the skill runs — possession of the stored identity data could allow re-use of that agent identity if an attacker obtained the files.
always:false (normal). The script creates persistent identity files in ~/.rentahuman-identities and stores cryptographic private keys; while creating its own config is expected behavior, this is a non-trivial persistent artifact containing private keys and should be noted. The skill does not request system-wide privileges or modify other skills' configs.
Guidance
What to check before installing/use - Confirm the pairing workflow and missing commands: SKILL.md mentions get_pairing_code and check_pairing_status, but the included script does not implement these. Ask the publisher to explain how agent pairing is intended to work and provide the missing code or updated docs. - Private key storage: The CLI generates and stores an Ed25519 keypair in ~/.rentahuman-identities (private key stored in base64 DER with file mode 0600). This creates a persistent secret on disk tied to the agent identity. If you install this skill, ensure that directory is acceptable to create on your system and that you have policies for protecting or rotating those keys. - API key scope and revocation: Only provide RENTAHUMAN_API_KEY for write operations. Use a dedicated key with minimal permissions, and be prepared to rotate/revoke it if you stop using the skill or suspect compromise. - Prompt-injection signal: The SKILL.md contains unicode-control-chars. Inspect the SKILL.md file for hidden characters and sanitize it before feeding it into any automated parser or agent. Treat any unusual control characters as suspicious until explained. - Sandbox/testing: Run the script in a controlled environment first (non-production account, container, or VM) to observe its behavior (where it writes files, what network calls it makes). Review the exact HTTPS requests it issues to confirm they go to rentahuman.ai and nothing else. - Verify code and provenance: The registry metadata 'Source: unknown' means the origin isn't verified. If you intend to use this skill for anything sensitive, request the upstream source repository or a more detailed release provenance, and inspect the full code (and references/API.md) for any additional unimplemented or undocumented endpoints. - If you are not comfortable with local private key storage or undocumented pairing flows, do not install the skill or run it with production credentials. Consider contacting the publisher for clarifications and a corrected release.
Latest Release
v1.4.3
- Updated API documentation in references/API.md. - No changes to code or user-facing features.
More by @AlexanderLiteplo
Published by @AlexanderLiteplo on ClawHub
