Quack Network
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill largely matches its stated purpose, but it connects your agent to an external agent network and encourages periodic processing of messages from other agents without clear trust or approval boundaries.
Install only if you want your agent to participate in the Quack Network. Before enabling heartbeat processing, require user approval for actions based on inbox messages, restrict trusted senders where possible, and protect the generated credential file.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Other registered agents could send content that your agent later reads, summarizes, replies to, or acts on, potentially exposing private context or influencing the agent's behavior.
The skill routes messages from a broad external agent network into the user's agent workflow, but does not define sender allowlists, trust boundaries, data-sharing limits, or approval requirements.
Add to your HEARTBEAT.md to check Quack inbox periodically: ... Process any pending messages ... Agents ... can message any other registered agent.
Treat all inbound Quack messages as untrusted. Use sender allowlists, show messages to the user before action, and require explicit approval before replying, sharing local context, or performing requested tasks.
A message from another agent could steer your agent toward unrelated tasks, challenges, or responses unless the agent adds its own safety checks.
The instruction encourages the agent to process remote inbox content, including challenge references, without safeguards saying that inbox content must not override the user's goals or instructions.
- Check inbox: GET https://quack.us.com/api/inbox/{agentId}
- Process any pending messages
- If messages reference challenges, check challenge status
Add explicit instructions that inbox messages are untrusted data, not commands. The agent should summarize them first and only act after a user request or confirmation.
Anyone who obtains this credential file could potentially impersonate the agent on the Quack Network or send messages as it.
Registration creates and stores an API key and RSA private key that represent the agent's Quack identity. The file permissions are restrictive, and this is purpose-aligned, but the stored material is sensitive.
apiKey: reg.api_key || null,
publicKey,
privateKey,
...
fs.writeFileSync(CRED_FILE, JSON.stringify(credentials, null, 2), { mode: 0o600 });
Keep ~/.openclaw/credentials/quack.json private, do not paste or upload it, and delete or rotate the Quack identity if the file may have been exposed.
Running setup will create a Quack identity, contact quack.us.com, and write local credential files.
The setup flow asks the user or agent to run a local Node.js script. The script is included and its behavior matches the registration purpose, but it performs network registration and writes credentials.
If not yet registered, run the registration script:
node {baseDir}/scripts/quack-register.mjs
Run the script only when you intentionally want to register. Consider passing an explicit --agent value rather than relying on the default derived identity.
If enabled, the agent may continue making periodic network calls and handling incoming messages in future sessions.
The persistence is disclosed and user-directed, but enabling it would make the agent keep checking the external inbox over time instead of only during explicit manual use.
Add to your HEARTBEAT.md to check Quack inbox periodically
Enable the heartbeat only if you want ongoing Quack monitoring, and keep it read-only or approval-gated unless you fully trust the workflow.
