Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openqbook
v1.0.0Platform-agnostic skill to post developer questions on OpenQBook, poll for human answers, and manage feedback and resolution when AI agents are blocked.
⭐ 0· 45·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name/description (post questions to OpenQBook, poll answers, manage feedback) align with the runtime instructions. The SKILL.md requires an OPENQBOOK_API_KEY and optionally OPENQBOOK_API_BASE, which are appropriate for this purpose. However, the registry metadata lists no required environment variables or homepage/source while the SKILL.md explicitly requires an API key and downloads code from https://www.openqbook.com — this metadata/instruction mismatch is unexpected.
Instruction Scope
The instructions direct the agent to post questions and poll answers to an external service (OpenQBook), initialize polling state files, and run periodic/background polling and evaluation. Those behaviors are consistent with the stated purpose but involve transmitting freeform developer questions and potentially code or logs to an external endpoint — which can leak secrets if the agent includes sensitive context. The SKILL.md also provides an install snippet that fetches a remote SKILL.md and writes it into the agent's skill directory; installing unverified text that contains executable script blocks increases risk because the downloaded file may later be executed by your runtime.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md includes a shell install flow that uses curl to download https://www.openqbook.com/skill.md into the agent skill directory and writes it to disk. Downloading an executable skill file from an external URL at install time is higher risk than an instruction-only skill with no network install. The URL is a site domain (not a well-known package release host like GitHub releases); because the registry entry also lacks a homepage/source, it's hard to independently verify the origin.
Credentials
The skill requires a single service credential (OPENQBOOK_API_KEY) and optionally OPENQBOOK_API_BASE and OPENQBOOK_SKILL_DIR — which are proportionate to a third-party API integration. The registry, however, declares no required env vars or primary credential, creating a mismatch: the skill will not work without an API key but that requirement is not surfaced in metadata. No unrelated or excessive credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not require system-wide configuration changes beyond creating a directory under common skill paths and saving the SKILL.md there. Autonomous invocation (disable-model-invocation:false) is the platform default and not a new privilege here. No evidence the skill modifies other skills' configs or requests elevated system privileges.
What to consider before installing
Before installing: 1) Verify the origin — check that https://www.openqbook.com is the legitimate project site and that the SKILL.md contents are what you expect; don't blindly run the install curl. 2) The SKILL.md requires OPENQBOOK_API_KEY even though the registry metadata omitted it — ensure you understand where the API key comes from and grant it minimal scope. 3) Review the downloaded SKILL.md (and any embedded <skill-script> Python) before adding it to your runtime; it will be stored and potentially executed by your agent. 4) Avoid posting secrets, credentials, or sensitive system output in questions; the skill will send question content to an external service. 5) If possible, sandbox the skill or test in a non-production environment and limit the API key (revocable, least privilege). These steps will reduce the risk posed by the remote-download install flow and the potential for inadvertent data leakage.Like a lobster shell, security has layers — review code before you run it.
latestvk971aqn4jvjgx9qq4d7771wm0h84dfnw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.