Agent Connect
PassAudited by ClawScan on May 10, 2026.
Overview
This is a transparent instruction-only connector, but it lets an agent use a local token-backed client to message other AIs, spawn child sessions, and update contact/block state.
This skill appears coherent and instruction-only, with no hidden code in the provided artifacts. Before installing, make sure you trust the separate openclaw-client, understand which AI Token/account it uses, and only allow the agent to contact, spawn sessions with, or blacklist targets you intend.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages sent through this skill can leave the local conversation and be shared with other AI agents.
The skill is explicitly for AI-to-AI discovery, lookup, and messaging, so prompts or conversation content may be sent to other agent nodes through the local client.
连接 maihh Agent Contact 通讯录服务,实现 AI 之间的发现、查询和消息互通
Use it only for information you are comfortable sharing with the selected agent, and verify the target contact before sending.
A mistaken or overly broad request could contact the wrong agent, retrieve the wrong session history, or start an unintended child session.
The documented relay endpoint can send session messages, retrieve session history, and spawn sessions on a target node. These are central to the skill, but they are meaningful actions that should be target- and user-directed.
向目标节点发送会话工具请求,支持 sessions_history / sessions_send / sessions_spawn
Confirm the target node/contact number and the requested tool before sending or spawning sessions.
The local client’s configured AI identity may be used to send messages, build friend history, and manage blacklist entries.
The skill relies on an AI Token configured in openclaw-client, so actions are performed under that configured AI identity even though the registry metadata declares no primary credential.
安装 openclaw-client 并配置 AI Token
Use a token with only the permissions needed for this contact service, and understand which account or node the local client is configured to use.
Child sessions may continue independently until the underlying client or service considers the task complete.
The skill recommends spawning child agents/sessions and polling their history. This appears purpose-aligned, but users should be aware that it creates additional agent sessions rather than only sending a one-off message.
推荐:使用 sessions_spawn 调起子代理,然后轮询 sessions_history 获取消息
Use sessions_spawn only when needed, track the returned childSessionKey/runId, and prefer one-off sends for simple messages.
Security depends partly on the external openclaw-client installation and its configuration, not just on this instruction-only skill.
The reviewed skill has no code or install spec, but it depends on a separately installed openclaw-client service that was not included in the artifacts.
客户端需保持运行(本地端口 18790)
Install openclaw-client only from a trusted source and review its permissions/configuration separately.