Poe Chat
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims—call Poe models and optionally upload user-selected files—but users should notice the Poe API key, third-party file upload, and unpinned Python dependencies.
This skill is reasonable to install if you want Poe model access from the agent. Before using it, install dependencies in an isolated environment, store the Poe API key carefully, and only upload files you are comfortable sending to Poe and the selected model provider.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill may require granting access to a Poe API key for the user's Poe account.
The skill requires a Poe API key and also supports passing it on the command line. This is expected for a Poe integration, but users should treat the key as a credential; command-line use may expose it in shell history or process listings.
export POE_API_KEY="your_api_key" ... It can also be passed at invocation time via `--api-key`
Use the POE_API_KEY environment variable rather than passing the key directly on the command line, and revoke or rotate the key if it is exposed.
Any file supplied with --file may be sent to Poe and then to the selected model provider for analysis.
The script uploads user-specified local files to Poe through fastapi-poe. This is disclosed and purpose-aligned, but it is a third-party data transfer.
with open(path, "rb") as handle:
    attachment = fp.upload_file_sync(handle, api_key=api_key)
Only upload files you are comfortable sharing with Poe/the selected model, and avoid secrets, credentials, private documents, or regulated data unless appropriate.
Future dependency changes could affect behavior or security even if the skill files do not change.
The dependency list is not version-pinned, while SKILL.md instructs users to install it with pip. This is typical for simple scripts but leaves exact installed versions to the package index at install time.
fastapi-poe requests
Prefer installing in a virtual environment and consider pinning or reviewing dependency versions before use.
