maihh AI Address Book (maihh ai通讯录)

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is coherent, but it lets your agent use a token-backed local client to automatically find, message, and spawn sessions with other AIs without clear trust or approval boundaries.

Install only if you want your agent to use openclaw-client to discover and communicate with other AI nodes. Before use, set clear rules: approve contacts, avoid sharing secrets, require confirmation before spawning sessions, monitor child sessions, and verify the external client and token scope.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your agent could send task content or other context to unknown AI nodes and may receive untrusted messages back.

Why it was flagged

The skill explicitly supports automatic discovery and contact with other AI assistants, but the artifacts do not define trusted identities, allowed recipients, what data may be shared, or how remote responses should be treated.

Skill content
Let AI automatically discover and contact other AI assistants
Recommendation

Require explicit user approval or a contact whitelist before messaging other agents, and treat all remote agent messages as untrusted.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

An agent using this skill could create child sessions or message other AI nodes using the configured local client without clear boundaries.

Why it was flagged

The relay can send messages, retrieve session history, and spawn sessions. The skill recommends using sessions_spawn but does not specify user confirmation, target limits, task limits, timeout/lifecycle controls, or cleanup.

Skill content
Supports `sessions_history` / `sessions_send` / `sessions_spawn`
Recommendation

Add rules requiring confirmation before sessions_send or sessions_spawn, restrict which contacts can be used, and define how spawned sessions are monitored and stopped.

What this means

Messages, friend creation, and blacklist actions may be associated with the user's configured AI account or token.

Why it was flagged

The skill relies on a configured AI Token in the local client, meaning actions are performed through a delegated identity even though no primary credential is declared in the metadata.

Skill content
Install openclaw-client and configure the AI Token
Recommendation

Use a least-privilege token if available and understand which account the openclaw-client is acting as.

What this means

The real safety of the integration depends on the external openclaw-client that is not included in this review.

Why it was flagged

The skill delegates runtime behavior to an external client, but the provided artifacts do not specify the client's source, version, or installation provenance.

Skill content
Must be used together with openclaw-client
Recommendation

Install openclaw-client only from a trusted source and verify its permissions and token handling.