Qordinate - Durable lists, facts, and reminders for OpenClaw agents.

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

Qordinate is a coherent memory/productivity integration, but it gives the agent broad persistent access to Qordinate data, connected apps, and account-changing actions through one natural-language tool without clear scoping or confirmation controls.

Install only if you are comfortable giving OpenClaw broad access to your Qordinate account. Use a dedicated expiring API key, avoid storing secrets, confirm destructive or sharing actions manually, and periodically review saved memories, connected apps, reminders, and automations.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could make broad changes to Qordinate data or trigger connected-app workflows if it sends an overly broad or mistaken natural-language request.

Why it was flagged

A single natural-language tool is described as a full-power interface to the account. The same artifact lists create/read/update/delete documents, sharing documents, connected apps, and automations, but does not define confirmation or safety boundaries for high-impact actions.

Skill content

The agent talks to Qordinate's AI agent through a single powerful tool — `query_agent` ... can do everything a user interacting directly with Qordinate can do

Recommendation

Use only with explicit user confirmation for destructive, sharing, connected-app, or automation actions; prefer scoped prompts and review changes before applying them.

What this means

A compromised or misused agent session could expose or modify documents, contacts, tasks, and data from linked services under the user's Qordinate account.

Why it was flagged

The API key delegates broad account access, including connected apps. The artifacts do not describe scoped permissions, read-only modes, per-action consent, or limits on what connected services can be used.

Skill content

Auth Method | Bearer token — `Authorization: Bearer qk_YOUR_API_KEY` ... The agent has access to the user's documents, contacts, lists, web search, and all connected apps.

Recommendation

Create a dedicated, expiring API key where possible, limit connected apps, and revoke the key when no longer needed.

What this means

Incorrect, sensitive, or maliciously influenced information could be stored and later reused by the agent as trusted context.

Why it was flagged

The skill encourages persistent storage and reuse of agent context as authoritative memory. The artifacts do not describe retention limits, review controls, data minimization, or how poisoned or incorrect stored information should be corrected.

Skill content

Treat Qordinate as the source of truth ... Offload anything the user will care about later ... use `session_id` for related queries

Recommendation

Store only information the user intentionally wants retained, periodically review Qordinate memory, and avoid saving secrets or unverified instructions.

Concern, High Confidence

ASI10: Rogue Agents

What this means

Automations or reminders may continue acting after the original task, potentially causing repeated or unexpected effects.

Why it was flagged

The skill can create persistent scheduled or event-triggered behavior. This is disclosed and purpose-aligned, but the artifact does not specify lifecycle controls, review steps, or limits to prevent unintended ongoing actions.

Skill content

Set up automations that run on schedules or triggers ... Qordinate manages reminders and notifications over time

Recommendation

Require explicit confirmation before creating automations and regularly review, disable, or expire them.