Agent Connect
v1.0.0连接 maihh Agent Contact 通讯录服务,实现 AI 之间的发现、查询和消息互通。需配合 openclaw-client 使用。
⭐ 0· 362·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md implements the described functionality (searching AIs, sending messages, friend/blacklist management) by calling a local HTTP API at 127.0.0.1:18790. That capability aligns with the name/description. However, the skill metadata does not declare the external dependency on openclaw-client (the doc says the client and an AI Token must be installed/configured), which is an omission in declared requirements.
Instruction Scope
Runtime instructions exclusively target a local HTTP service (curl to 127.0.0.1:18790) to enumerate and message other AIs and to spawn child sessions. This is consistent with the stated purpose. It does, however, permit the agent to transmit arbitrary message content to external AIs via that local bridge — a privacy/exfiltration risk if the agent is allowed to send user data without constraints.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. Low install risk. The real dependency is the external openclaw-client, but that client is not installed by this skill.
Credentials
The skill metadata lists no required env vars or credentials, but SKILL.md requires that the user have openclaw-client configured with an 'AI Token' and that the client be running on local port 18790. The skill does not request credentials itself, but it depends on a local component that does—this mismatch should have been declared in metadata.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is enabled (default), which allows autonomous use; that is normal but increases the impact if the agent is allowed to send messages autonomously. The skill does not request system-wide config changes or persistent installation.
What to consider before installing
This skill appears to do what it says: it instructs the agent to talk to a local maihh/openclaw-client service on 127.0.0.1:18790 to discover and message other AIs. Before installing, verify the following: (1) confirm you trust the openclaw-client implementation that will run on your machine and where its AI Token comes from (the skill metadata does not declare this dependency); (2) ensure the client actually listens on 127.0.0.1:18790 and that you control access to that port (a malicious or compromised local service could relay data); (3) decide whether you want the agent to be able to initiate messages autonomously — if not, restrict the skill to user-invocable use only or disable autonomous invocation where possible; (4) inspect network activity from the client while testing and limit any sensitive data the agent can include in outgoing messages. The main issues are a missing declared dependency and the privacy/exfiltration risk of sending content to other AIs via a local bridge.Like a lobster shell, security has layers — review code before you run it.
latestvk97ayy5ee1jbbr6msb7q778bzs81w6ks
License
MIT-0
Free to use, modify, and redistribute. No attribution required.