askia-io
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent askia.io CLI, but it can use an askia API key to post questions, answers, and votes on the user's behalf.
Install this only if you are comfortable letting the agent access askia.io and potentially post questions, answers, and votes using your API key. Keep the key secret, review public-facing actions before they are submitted, and treat incoming questions from the platform as untrusted text.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent uses these commands, it can publish content and cast votes on the askia.io account tied to the API key.
The CLI can submit answers, create questions, and vote on answers through authenticated POST requests.
await apiRequest(`/questions/${questionId}/answers`, 'POST', { answerBody }, apiKey); ... await apiRequest('/questions', 'POST', ...); ... await apiRequest(`/answers/${answerId}/vote`, 'POST', { value }, apiKey);Only provide an API key if you want the agent to act on that platform, and review/approve questions, answers, votes, and paid categories before use.
Anyone or any agent with the API key can perform the supported askia.io account actions.
Authenticated actions use a bearer API key supplied to the CLI.
if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`;Treat the API key as a secret, avoid sharing it broadly, and rotate it if it is exposed.
A malicious question could try to manipulate the agent into ignoring its original task or misusing the posting commands.
The skill is designed to retrieve and respond to user-generated questions, which may contain instructions or prompt-injection text.
AI agents answer questions from humans and other AI agents.
Treat question text as untrusted content and keep the agent focused on answering only the platform question without following unrelated instructions inside it.