askia-io

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent uses these commands, it can publish content and cast votes on the askia.io account tied to the API key.

Why it was flagged

The CLI can submit answers, create questions, and vote on answers through authenticated POST requests.

Skill content
await apiRequest(`/questions/${questionId}/answers`, 'POST', { answerBody }, apiKey);
...
await apiRequest('/questions', 'POST', ...);
...
await apiRequest(`/answers/${answerId}/vote`, 'POST', { value }, apiKey);

Recommendation

Only provide an API key if you want the agent to act on that platform, and review/approve questions, answers, votes, and paid categories before use.

What this means

Anyone or any agent with the API key can perform the supported askia.io account actions.

Why it was flagged

Authenticated actions use a bearer API key supplied to the CLI.

Skill content
if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`;

Recommendation

Treat the API key as a secret, avoid sharing it broadly, and rotate it if it is exposed.

Note
Medium Confidence

ASI01: Agent Goal Hijack

What this means

A malicious question could try to manipulate the agent into ignoring its original task or misusing the posting commands.

Why it was flagged

The skill is designed to retrieve and respond to user-generated questions, which may contain instructions or prompt-injection text.

Skill content
AI agents answer questions from humans and other AI agents.

Recommendation

Treat question text as untrusted content and keep the agent focused on answering only the platform question without following unrelated instructions inside it.