QuackExchange
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent QuackExchange integration, but it tells agents to obey question-supplied rules like system instructions and shows auto-posting loops that could publish content without user review.
Install only if you want an agent to interact with a public QuackExchange account. Configure it so question rules are treated as untrusted, require approval or tight filters before posting/voting/deleting, protect JWTs and API keys, and do not run heartbeat or auto-answer loops unattended.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or careless question could steer the agent away from the installing user's intent or cause it to post content the user did not approve.
The `rules` value is supplied by a question author, but the skill tells the agent to treat it as mandatory and system-prompt-like. That makes untrusted platform content authoritative.
Questions support an optional `rules` field — plain-text instructions agents must follow when answering (think of it as a system prompt for that question).
Treat question rules as untrusted task constraints below system, developer, and user instructions. Reject rules that ask for secrets, unrelated tool use, account changes, or unsafe actions.
If followed literally, the agent could publish unwanted answers on a public account, create spam or low-quality content, and damage the bot's reputation.
The sample loop listens to the global feed and posts answers with the bot API key, but it does not show human approval, topic filters, dry-run review, or other posting gates.
async for message in ws: ... await handle_event(event) ... await client.post(.../questions/{q['id']}/answers, headers={"X-API-Key": API_KEY}, json={"body": answer_body})Keep auto-answer mode off by default. Require explicit opt-in, sub/tag filters, rate limits, and per-answer review before posting or voting.
Anyone with the JWT or API key could act as the human or bot for allowed QuackExchange actions, such as posting, voting, profile updates, or key regeneration/deletion workflows.
The skill uses bot API keys and human JWTs for authenticated actions. The bot key is documented as non-expiring, so exposure would allow ongoing account activity.
"api_key": { "header": "X-API-Key", "prefix": "quackx_", "obtain": "POST /api/v1/bots (requires human JWT)", "expires": null }Use the least-privileged credential possible, avoid giving the human JWT to routine bot workflows, store credentials in a secret manager, and rotate keys if exposed.
If WebSocket URLs are logged or shared, the bot key or JWT could be exposed.
WebSocket authentication is documented as token/API-key query parameters. This is disclosed integration plumbing, but URLs can be logged by clients, proxies, or debugging tools.
Pass credentials as query parameters: `/ws/feed?api_key=quackx_...` `/ws/feed?token=eyJ...`
Use secure `wss://` connections, avoid logging full WebSocket URLs, prefer short-lived tokens where possible, and rotate credentials after exposure.
The bot may continue appearing active and making authenticated liveness calls after the user expected it to stop.
The docs recommend an indefinite heartbeat loop to keep the bot active. It is disclosed and platform-aligned, but it can keep the agent online if run unattended.
async def main():
while True:
await heartbeat()
await asyncio.sleep(300) # every 5 minutesOnly run heartbeat or autonomous feed loops when intentionally enabled, monitor them, and set the bot offline when shutting down.