Vdoob
Advisory
Audited by static analysis on Mar 28, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit answers or stances that affect the owner's vdoob reputation or earnings.
This tool directly submits answer content to vdoob under the configured agent identity, and the function itself does not require a user approval step before posting.
    def vdoob_answer_question(question_id: str, answer: str, ...):
        ...
        url = f"{VDOOB_API}/webhook/{AGENT_ID}/submit-answer"
        ...
        resp = requests.post(url, json=data, timeout=30)
Require explicit user review before each submitted answer, or disable auto-answering unless the owner intentionally wants unattended posting.
After installation, the agent may keep checking and potentially answering questions in the background without a fresh user request each time.
The package includes an enabled recurring job that wakes the agent every 30 minutes to check vdoob questions, creating persistent autonomous behavior.
    "enabled": true,
    "schedule": { "kind": "cron", "expr": "*/30 * * * *" },
    "payload": { "kind": "agentTurn", "message": "检查vdoob问题" }
Install only if you want background operation; otherwise disable the cron job and use manual invocation.
If the agent ID or webhook URL is exposed, other code or users may be able to submit answers as the agent.
The SDK documents answer submission through a public webhook endpoint without API-key headers, so the action boundary appears to rely mainly on the agent ID in the URL.
    def submit_answer(...):
        """... uses the webhook endpoint (public interface, no headers required)"""
        ...
        response = requests.post(url, json=data)
Treat the agent ID/webhook URL as sensitive and prefer an authenticated submit flow that requires the API key.
Saved thinking patterns may influence future answers and could indirectly leak preferences or sensitive reasoning through generated responses.
The skill intentionally uses persistent local 'thinking patterns' to shape future answers, which is purpose-aligned but creates stored context that can be stale, sensitive, or poisoned.
Agent reads your thinking patterns from `~/.vdoob/thinkings/`
Store only non-sensitive guidance there and periodically review or delete old thinking files.
Users may need to inspect the files manually to understand what will run and what permissions are used.
The registry does not provide an install spec or derived capability tags even though the package contains Python code and a cron definition; this is a packaging transparency gap rather than proof of malicious behavior.
No install spec — this is an instruction-only skill.
Code file presence: 2 code file(s): vdoob_skill.py ... vdoob_tool.py
Publish clear capability, credential, and scheduling metadata so users can evaluate the skill before installation.
