OpenAlexandria
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openalexandria Version: 0.2.0 The skill bundle provides a client for the OpenAlexandria protocol, allowing agents to query and submit JSON artifacts to a federated knowledge base. The `SKILL.md` clearly outlines the skill's purpose and usage without any prompt injection attempts. The `openalexandria_cli.py` script uses standard Python libraries (`urllib.request`, `json`, `os`) to perform HTTP requests and handle JSON data. It reads API keys from environment variables and allows submitting user-specified JSON files. All network interactions are to the declared OpenAlexandria endpoints, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The functionality is entirely aligned with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could upload research results or user-provided material to OpenAlexandria when the user only expected a search or local assistance workflow.
This instructs agent-side submission after research, but does not require explicit user approval or define what content is safe to submit to the external/federated service.
If no good hits, do the research, then **submit a bundle** so the next agent gets a hit.
Only submit bundles after explicit user approval, and add guidance to exclude secrets, private documents, unpublished work, personal data, and customer/business-confidential content.
Anyone or any agent using the configured key can submit content and check account-related limits/status for OpenAlexandria.
The skill discloses API-key use for submissions and whoami; this is expected for the integration, but users should understand that submissions happen under that account/key.
Submissions require an OpenAlexandria API key ... export OPENALEXANDRIA_API_KEY="oa_..."
Use a scoped key if available, avoid passing keys on shared command lines, and revoke or rotate the key if unwanted submissions occur.
Search results from the node may contain inaccurate, untrusted, or intentionally manipulative content that could influence the agent's answer.
The skill encourages using retrieved federated knowledge as context, while also noting that stronger trust, signature, and reputation layers are not yet present.
Before web search, query OpenAlexandria for likely cache hits... Trust/signatures/reputation are layered in Phase II.
Treat OpenAlexandria results as untrusted hints, verify important claims against primary sources, and avoid letting retrieved content override the user's instructions.