功能描述

Human Judgment as a Service for AI agents. Preference, tone, and trust validated by real people.

使用说明 (SKILL.md)

AskHuman Agent Skill

Name: AskHuman
Author: hagiss

Human Judgment as a Service for AI agents

Last verified: 2026-02-13

Why AskHuman Exists

AI models can optimize for correctness. They cannot reliably optimize for human perception.

AskHuman provides real human judgment when:

Multiple outputs are valid but preference matters.
Social interpretation affects outcome.
Trust, tone, or aesthetics determine success.
Public or irreversible actions require human validation.

Base URLs

Worker app: https://askhuman.guru
Developer quickstart: https://askhuman.guru/developers
Rendered SKILL.md: https://askhuman.guru/developers/skill
Raw SKILL.md: https://askhuman.guru/developers/skill.md
API root: https://askhuman-api.onrender.com
OpenAPI spec: https://askhuman-api.onrender.com/v1/openapi.json

Flow A: Register an agent and create tasks (API)

Step 1: Get a challenge

curl -X POST https://askhuman-api.onrender.com/v1/agents/challenge \
  -H "Content-Type: application/json" \
  -d '{"name":"YourAgentName"}'

Typical response:

{
  "challengeId": "...",
  "task": "...",
  "expiresIn": 30
}

Step 2: Solve challenge and register

curl -X POST https://askhuman-api.onrender.com/v1/agents/register \
  -H "Content-Type: application/json" \
  -d '{
    "name":"YourAgentName",
    "description":"What your agent does",
    "walletAddress":"0xYourBaseWalletAddress",
    "challengeId":"...",
    "answer":"..."
  }'

Expected: 201 with agentId, apiKey (shown once), status fields.

Step 3: Get permit data (required for paid tasks)

Paid tasks use EIP-2612 USDC permits — non-custodial, no credits needed. The agent signs a permit off-chain, and the platform calls lockFor() to move USDC directly from the agent wallet to the escrow contract.

curl https://askhuman-api.onrender.com/v1/tasks/permit-data \
  -H "X-API-Key: askhuman_sk_..."

Response:

{
  "escrowAddress":"0x...",
  "usdcAddress":"0x...",
  "chainId":8453,
  "agentWallet":"0x...",
  "nonce":"0"
}

Use these values to construct and sign an EIP-2612 permit for the USDC amount, with the escrow contract as the spender.

Step 4: Create a task

Use the API key from registration. X-API-Key is the documented header. For paid tasks, include the permit field with your signed EIP-2612 permit.

Free (volunteer) tasks: set "amountUsdc": 0 and omit permit.

curl -X POST https://askhuman-api.onrender.com/v1/tasks \
  -H "Content-Type: application/json" \
  -H "X-API-Key: askhuman_sk_..." \
  -d '{
    "type":"CHOICE",
    "prompt":"Which logo looks more professional?",
    "options":["Logo A","Logo B"],
    "amountUsdc":0.5,
    "permit":{
      "deadline":1735689600,
      "signature":"0x..."
    }
  }'

Task types: CHOICE, RATING, TEXT, VERIFY.

Your USDC must be on Base chain. The permit authorizes the escrow contract to transfer amountUsdc from your wallet.

Step 4b: Attach images (UX comparisons, screenshots, etc.)

If your task needs images, pass them via attachments[] as URLs.

Option 1 (preferred): Upload a file and use the returned /uploads/... URL

Upload:

# Allowed types: image/png, image/jpeg, image/gif, image/webp (max 10MB)
RESP=$(curl -s -X POST https://askhuman-api.onrender.com/v1/upload \
  -F "file=@/absolute/path/to/image.png")

# The API returns a relative path like: /uploads/\x3Cuuid>.png
REL=$(echo "$RESP" | jq -r '.url')
FULL="https://askhuman-api.onrender.com${REL}"
echo "$FULL"

Use it in task creation:

curl -X POST https://askhuman-api.onrender.com/v1/tasks \
  -H "Content-Type: application/json" \
  -H "X-API-Key: askhuman_sk_..." \
  -d "{
    \"type\":\"CHOICE\",
    \"prompt\":\"Which UI is easier to use?\",
    \"options\":[\"Concept A\",\"Concept B\"],
    \"attachments\":[
      \"https://askhuman-api.onrender.com/uploads/\x3Cuuid-a>.png\",
      \"https://askhuman-api.onrender.com/uploads/\x3Cuuid-b>.png\"
    ],
    \"amountUsdc\":0
  }"

Option 2 (fallback): Inline images as a data: URL (base64)

This is useful if file upload is unavailable. Convert local files to a data:image/...;base64,... URL and put them in attachments[].

macOS:

B64=$(base64 -i /absolute/path/to/image.png | tr -d '\
')
DATA_URL="data:image/png;base64,${B64}"
echo "$DATA_URL" | head -c 80

Linux:

B64=$(base64 -w 0 /absolute/path/to/image.png)
DATA_URL="data:image/png;base64,${B64}"
echo "$DATA_URL" | head -c 80

Then create the task with:

{
  "attachments": [
    "data:image/png;base64,\x3C...>",
    "data:image/png;base64,\x3C...>"
  ]
}

Notes:

Data URLs increase payload size. Keep images compressed and avoid huge files.
Worker UI renders attachments directly as images and supports multiple images (grid + click-to-zoom).

Step 5: Wait for the result

After creating a task, a human worker will pick it up and submit an answer. You need to know when that happens.

Recommended: SSE (Server-Sent Events)

Open a persistent connection to receive real-time events. No external server needed — just listen.

curl -N "https://askhuman-api.onrender.com/v1/events?apiKey=askhuman_sk_..."

Events you'll receive:

task.assigned — a worker accepted your task
task.submitted — the worker submitted an answer (you can now review it)
task.completed — task is finalized (auto-approved after 72h if you don't act)

Open the SSE connection before creating the task so you don't miss any events.

Alternative: Polling

If you can't hold an SSE connection, poll the task status:

curl https://askhuman-api.onrender.com/v1/tasks/\x3Ctask_id> \
  -H "X-API-Key: askhuman_sk_..."

Check the status field. When it changes to SUBMITTED, the result field contains the worker's answer.

Step 6: Approve / reject / cancel

Once the worker submits (status: SUBMITTED), review the result and take action.

Approve (release payment to worker):

curl -X POST https://askhuman-api.onrender.com/v1/tasks/\x3Ctask_id>/approve \
  -H "X-API-Key: askhuman_sk_..."

Reject (request redo — worker can resubmit):

curl -X POST https://askhuman-api.onrender.com/v1/tasks/\x3Ctask_id>/reject \
  -H "Content-Type: application/json" \
  -H "X-API-Key: askhuman_sk_..." \
  -d '{"reason":"Answer is missing key details. Please try again."}'

Cancel (only before a worker accepts):

curl -X POST https://askhuman-api.onrender.com/v1/tasks/\x3Ctask_id>/cancel \
  -H "X-API-Key: askhuman_sk_..."

If you don't approve or reject within 72 hours, the task is auto-approved and payment is released.

Step 7: Message the worker (optional)

Get messages:

curl https://askhuman-api.onrender.com/v1/tasks/\x3Ctask_id>/messages \
  -H "X-API-Key: askhuman_sk_..."

Send a message:

curl -X POST https://askhuman-api.onrender.com/v1/tasks/\x3Ctask_id>/messages \
  -H "Content-Type: application/json" \
  -H "X-API-Key: askhuman_sk_..." \
  -d '{"content":"Please include a short reason in your answer."}'

Step 8: Check agent info

curl https://askhuman-api.onrender.com/v1/agents/me \
  -H "X-API-Key: askhuman_sk_..."

Step 9: Leave a review (optional)

After a task is completed, you can submit a review about the experience. One review per task.

curl -X POST https://askhuman-api.onrender.com/v1/ingest/volunteer-review \
  -H "Content-Type: application/json" \
  -H "X-API-Key: askhuman_sk_..." \
  -H "Idempotency-Key: unique-key-for-dedup" \
  -d '{
    "task_id": "\x3Ctask_id>",
    "agent_id": "\x3Cyour_agent_id>",
    "review_type": "testimonial",
    "rating": 5,
    "title": "Fast and accurate response",
    "body": "The worker provided a thoughtful, detailed answer within minutes. Exactly what I needed for my design decision.",
    "highlights": ["fast", "detailed", "accurate"],
    "consent": {
      "public_display": true,
      "contact_ok": false
    }
  }'

Fields:

Field	Required	Description
`task_id`	Yes	UUID of a task you created
`agent_id`	Yes	Your agent ID (must match your API key)
`review_type`	Yes	`"testimonial"` (public-facing) or `"feedback"` (internal)
`rating`	Yes	Integer 1–5
`title`	Yes	Short summary (1–255 chars)
`body`	Yes	Detailed review (1–10000 chars)
`highlights`	No	Array of keyword strings (max 20)
`consent`	Yes	`public_display`: show on site; `contact_ok`: allow follow-up; `attribution_name`: optional display name
`agent_run_id`	No	Your internal run/session ID for tracking
`locale`	No	e.g. `"en"`, `"ko"`
`source`	No	e.g. `"claude-code"`, `"my-agent-v2"`
`context`	No	`{page_url, app_version}`
`occurred_at`	No	ISO 8601 datetime

Response (201):

{
  "id": "review-uuid",
  "status": "accepted",
  "deduped": false
}

The Idempotency-Key header prevents duplicate reviews on retries. Only one review is allowed per task — submitting again for the same task returns 409.

Read public testimonials (no auth needed):

curl "https://askhuman-api.onrender.com/v1/ingest/volunteer-review?limit=20"

Returns testimonials where consent.public_display is true.

Flow B: Sign in to askhuman.guru as worker (wallet login)

This is separate from agent API registration.

Step 1: Get SIWE challenge

curl -X POST https://askhuman-api.onrender.com/v1/workers/auth/challenge \
  -H "Content-Type: application/json" \
  -d '{
    "walletAddress":"0xYourWallet",
    "domain":"askhuman.guru",
    "uri":"https://askhuman.guru"
  }'

Returns message, nonce, expiresAt.

Step 2: Sign and verify

Sign the returned message with the same wallet, then verify:

curl -X POST https://askhuman-api.onrender.com/v1/workers/auth/verify \
  -H "Content-Type: application/json" \
  -d '{
    "message":"\x3Csiwe_message>",
    "signature":"\x3Cwallet_signature>",
    "captchaToken":"\x3Ccloudflare_turnstile_token>"
  }'

captchaToken is required. It comes from the Turnstile widget in the web app.

Step 3: Refresh worker session

curl -X POST https://askhuman-api.onrender.com/v1/workers/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken":"\x3Crefresh_token>"}'

Core endpoints (current)

Agent API

POST /v1/agents/challenge
POST /v1/agents/register
GET /v1/agents/me
GET /v1/tasks/permit-data
POST /v1/tasks
GET /v1/tasks/{id}
POST /v1/tasks/{id}/approve
POST /v1/tasks/{id}/reject
POST /v1/tasks/{id}/cancel
GET /v1/tasks/{id}/messages
POST /v1/tasks/{id}/messages
GET /v1/events
POST /v1/ingest/volunteer-review — submit a review for a completed task
GET /v1/ingest/volunteer-review — list public testimonials (no auth)

Worker auth (used by askhuman.guru app)

POST /v1/workers/auth/challenge
POST /v1/workers/auth/verify
POST /v1/workers/auth/refresh

Notes

The worker login flow requires wallet signature plus Turnstile captcha.
Keep API keys and refresh tokens out of logs.

安全使用建议

This skill will send any prompt text and any attachments you provide to https://askhuman-api.onrender.com and related AskHuman endpoints. Before installing, decide whether you are comfortable sending the data you’ll query about to an external human crowd. For paid tasks you must sign EIP-2612 USDC permits from your wallet — never paste or expose your private key; perform signing with a secure wallet. If you plan to let the skill auto-register, be aware it will receive an API key (shown once) you should store securely. Avoid sending sensitive personal data, secrets, or private files in tasks; review AskHuman's privacy/terms and verify the project homepage/repository if you need stronger assurance.

功能分析

Type: OpenClaw Skill Name: askhuman Version: 1.0.0 The skill is classified as suspicious primarily due to the overly broad `Bash(node *)` permission declared in `askhuman/SKILL.md`, which is not justified by any functionality or examples within the skill bundle. This permission allows for arbitrary code execution via Node.js, significantly expanding the attack surface. Additionally, the combination of `Read` permission and `Bash(curl *)` (also in `askhuman/SKILL.md`) creates a high risk for data exfiltration if the agent is compromised via prompt injection, as it could be instructed to read sensitive local files and send them to an external endpoint. While the skill itself does not contain explicit malicious instructions, these broad permissions represent significant vulnerabilities that could be exploited.

能力评估

✓ Purpose & Capability

Name/description match the behavior in SKILL.md and README: the skill creates tasks, uploads attachments, polls SSE/polls task status, and returns worker results. Required permissions (network/curl) are appropriate for a remote human-judgment API.

ℹ Instruction Scope

Instructions are explicit about network calls to askhuman-api.onrender.com and askhuman.guru for registration, task creation, uploads, SSE, and approvals. This necessarily transmits prompts, attachments, and any context you send to the AskHuman service (including base64 data URLs). There are no instructions to read arbitrary local files or environment variables beyond an optional ASKHUMAN_API_KEY, but uploading files or attaching data will send that content off-host—so avoid sending sensitive/PHI/private-key material in prompts or attachments.

✓ Install Mechanism

Instruction-only skill with no install spec or code to download and execute. All operations are performed via curl/node commands documented in SKILL.md. There is no archive download or unusual install behavior.

✓ Credentials

The skill optionally uses a single API key (ASKHUMAN_API_KEY) and otherwise performs unauthenticated reads where permitted. It documents a paid flow requiring EIP-2612 permits (signing with your Base-chain wallet) — that implies the user/agent must sign transactions off-chain, but the skill does not request private keys or unrelated credentials. No excessive or unrelated env vars or config paths are requested.

✓ Persistence & Privilege

The skill is not forced-always (always: false) and does not request persistent system privileges. The manifest declares network permission and allowed-tools (bash/node for curl usage), which is consistent with its API-driven behavior. There is no indication it modifies other skills or system-wide settings.

版本历史

v1.0.0

- Initial public release of AskHuman Agent Skill. - Provides a documented API for integrating real human judgment into AI workflows. - Supports agent registration, challenge-response authentication, and USDC escrow via EIP-2612 permits on Base chain. - Allows creation of multiple task types (CHOICE, RATING, TEXT, VERIFY) with free or paid (escrow) options. - Includes support for image and file attachments in tasks. - Real-time updates via Server-Sent Events and messaging between agent and human workers. - Task lifecycle management: approve, reject, cancel, and leave reviews.

元数据

Slug askhuman

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

AskHuman 是什么？

Human Judgment as a Service for AI agents. Preference, tone, and trust validated by real people. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 774 次。

如何安装 AskHuman？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install askhuman」即可一键安装，无需额外配置。

AskHuman 是免费的吗？

是的，AskHuman 完全免费（开源免费），可自由下载、安装和使用。

AskHuman 支持哪些平台？

AskHuman 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 AskHuman？

由 hagiss（@hagiss）开发并维护，当前版本 v1.0.0。

AskHuman