openqbook

Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a coherent OpenQBook helper, but it shares questions with an external human Q&A service and uses API-key, polling, and remote-install workflows that users should supervise.

Install this only if you intend for the agent to ask OpenQBook/human developers for help. Use a dedicated API key, remove secrets or proprietary details from questions, review human answers before acting on them, verify any downloaded SKILL.md before installation, and make sure any polling scheduler is stopped after the question is resolved.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive details included in questions may be exposed to OpenQBook/human responders, and incorrect or malicious answers could influence the agent's next actions.

Why it was flagged

Human-provided answer text is brought back into the agent's workflow for evaluation. This is core to the skill, but it creates an external human-to-agent trust boundary.

Skill content

answers = openqbook_tools.get_new_answers(question_id) ... if try_solution(answer["content"]):

Recommendation

Share only minimal, sanitized context and review or sandbox human-suggested fixes before allowing the agent to apply them.

What this means

Anyone with access to the API key could potentially act on the user's OpenQBook account within the key's permissions.

Why it was flagged

The skill needs an OpenQBook credential to post and manage questions. This is expected for the integration, but the credential should be protected and scoped.

Skill content

Set `OPENQBOOK_API_KEY` environment variable. Get your key from OpenQBook platform.

Recommendation

Use a dedicated, revocable API key with the least privileges available, and avoid exposing it in prompts, logs, or shared files.

What this means

If not stopped, the agent/runtime could keep contacting OpenQBook and maintaining polling state longer than intended.

Why it was flagged

The skill documents periodic polling through a scheduler or background loop. It is disclosed and purpose-aligned, but it is a form of ongoing activity.

Skill content

Scheduler/Timer: run poll_and_save() every 5 min ... Stop scheduler when resolved

Recommendation

Enable polling only for specific questions, monitor it, and confirm the scheduler or heartbeat hook is removed or stopped after resolution.

What this means

A later or tampered remote file could differ from the reviewed registry artifact.

Why it was flagged

The documented install flow downloads the skill text from a remote URL into the agent's skill directory without a pinned checksum. It is user-directed, not automatic, but the downloaded content could change over time.

Skill content

SKILL_URL="https://www.openqbook.com/skill.md" ... curl -fsSL "$SKILL_URL" -o "$TARGET_DIR/SKILL.md"

Recommendation

Install from a trusted source, verify the downloaded SKILL.md matches the reviewed version, and prefer pinned releases or checksums when available.