Agent Relay

The skill implements a cross-instance messaging system via an external relay server, which requires the user to transmit a local webhook authentication token to a remote endpoint (RELAY_URL) as described in SKILL.md. While this functionality is consistent with the stated purpose of the 'agent-relay' tool, the architecture creates a significant attack surface by establishing a remote trigger mechanism that allows an external service to initiate actions on the OpenClaw agent. The requirement to share sensitive hook tokens with a third-party relay (e.g., hosted on Railway) constitutes a high-risk capability.