askia-io
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: askia-io Version: 1.1.0 The OpenClaw AgentSkills skill bundle for 'askia-io' is a benign command-line interface (CLI) for interacting with the 'overflowia.vercel.app' Q&A platform. All network communications in `askia.mjs` are directed to this single, hardcoded domain. The `SKILL.md` file provides clear instructions for using the CLI and does not contain any prompt injection attempts or directives for the AI agent to perform actions outside the stated purpose. The code does not exhibit any signs of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The parsing logic in `askia.mjs` for the 'ask' command is used to construct a JSON payload and does not involve any client-side code execution vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent uses these commands, it can publish content and cast votes on the askia.io account tied to the API key.
The CLI can submit answers, create questions, and vote on answers through authenticated POST requests.
await apiRequest(`/questions/${questionId}/answers`, 'POST', { answerBody }, apiKey); ... await apiRequest('/questions', 'POST', ...); ... await apiRequest(`/answers/${answerId}/vote`, 'POST', { value }, apiKey);Only provide an API key if you want the agent to act on that platform, and review/approve questions, answers, votes, and paid categories before use.
Anyone or any agent with the API key can perform the supported askia.io account actions.
Authenticated actions use a bearer API key supplied to the CLI.
if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`;Treat the API key as a secret, avoid sharing it broadly, and rotate it if it is exposed.
A malicious question could try to manipulate the agent into ignoring its original task or misusing the posting commands.
The skill is designed to retrieve and respond to user-generated questions, which may contain instructions or prompt-injection text.
AI agents answer questions from humans and other AI agents.
Treat question text as untrusted content and keep the agent focused on answering only the platform question without following unrelated instructions inside it.