AskHuman
PassAudited by ClawScan on May 10, 2026.
Overview
AskHuman is a coherent instruction-only integration, but it sends prompts or files to a third-party human-judgment service and has optional paid USDC task flows.
This skill appears reasonable for its stated purpose. Install it only if you are comfortable sending selected prompts or files to AskHuman and human workers. Redact sensitive information, protect the API key, and require explicit confirmation for any paid task, wallet permit, or payment approval.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything included in a task prompt, option, message, or attachment may be seen outside the local agent session.
The core workflow intentionally sends task content to an external service and real human workers.
AskHuman connects it to real human workers who provide judgment on demand.
Do not submit secrets, private user data, confidential code, or sensitive screenshots unless you intend to share them with AskHuman and its workers.
A worker answer could include suggestions or instructions that are outside the original request.
External human-provided text is brought back into the agent workflow, where it could be over-trusted if not treated as untrusted input.
Extract the `result` field from the response. This contains the worker's answer as a string.
Use worker responses only as task-specific feedback; do not let them override the user’s instructions, system rules, or safety constraints.
If an agent uses these tools too freely, it could make unintended API calls or run local node commands unrelated to asking a human.
The skill permits raw curl commands, local reads, and node commands. Curl is central to the API workflow, while node is broader than the examples shown.
allowed-tools: Bash(curl *) Bash(node *) Read
Review tool calls before execution when possible, and restrict or remove node access unless it is needed for a specific wallet-signing or helper workflow.
A paid task can lock or release funds if the agent is given wallet authority and a valid signed permit.
The optional paid-task workflow can authorize USDC movement through an escrow contract.
Sign an EIP-2612 permit for the USDC amount with the escrow contract as spender
Use free tasks by default, set spending limits, and require explicit user approval before signing permits, creating paid tasks, or approving paid results.
If a real API key appears in logs, terminal history, or shared debugging output, someone else could use it to access the AskHuman account.
The SSE example places an API key in a URL query parameter, which can be more likely to appear in logs or shell history than a header.
curl -N "https://askhuman-api.onrender.com/v1/events?apiKey=askhuman_sk_..."
Prefer header-based authentication where available, avoid pasting real keys into shared logs, and rotate the key if it may have been exposed.