Wakapi Query
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent read-only Wakapi stats helper, but it will use your Wakapi API key to contact the configured server.
This looks reasonable for querying your own Wakapi stats. Before installing, confirm you trust the skill source, set WAKAPI_URL to the correct HTTPS Wakapi origin, store WAKAPI_API_KEY as an environment variable rather than pasting it into chat, and remember that query results may reveal private project and coding-activity details.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may execute the included Python CLI to query Wakapi.
The skill is intended to run a local Python helper script. This is disclosed and central to the stated purpose, with no install hook or external dependency shown.
Runtime | Python 3, stdlib only. Entry: scripts/wakapi_query.py. Run from the skill root
Use it only if you are comfortable with the included script running locally, and re-review the script when the skill is updated.
The agent can read coding-statistics data available to that Wakapi API key, such as projects, summaries, status, and totals.
The skill needs a Wakapi API key and sends it as HTTP Basic authentication to the configured WAKAPI_URL. This is expected for the integration but is sensitive account access.
WAKAPI_API_KEY — required for every subcommand except health ... Authentication | HTTP Basic: Authorization: Basic + base64(API key only)
Set WAKAPI_URL to the intended trusted Wakapi instance, prefer HTTPS, keep the API key in the environment rather than chat, and revoke or rotate the key if no longer needed.