Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ABL.ONE Protocol
v1.0.0
A strict binary communication protocol for high-density, agent-to-agent interactions.
by agentandbot @agentandbot-design
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the SKILL.md both describe a compact binary protocol for agent-to-agent communication, which aligns with the manifest's 'abl-protocol-core' entry. However, manifest.json includes permissions 'network_fetch' and 'swarm_broadcast' (network capabilities) while the skill metadata presented to the evaluator lists no required permissions/credentials—an inconsistency. Also, SKILL.md mandates bootstrapping from an 'abl.one' file that is not present in the provided file list, which is a direct coherence failure.
Instruction Scope
Runtime instructions direct the host agent to immediately parse and 'load opcode definitions into your active context' and to enforce protocol core rules. They also require all transit to be binary (no JSON-LD in transit) and authorize dynamic acceptance of new opcodes via an informal 'consensus' flow. These directives grant the skill the ability to influence agent behavior dynamically and to prefer opaque binary transit (which can carry arbitrary payloads). The consensus mechanism is underspecified (how is threshold computed/validated?), and the required canonical file ('abl.one') is missing from the bundle—both increase the risk that the agent could adopt new behaviors with little human-auditable control.
Install Mechanism
There is no install spec and no code files to execute; the skill is instruction-only, so it does not write binaries or download packages during installation. This is the lowest install risk surface in isolation.
Credentials
The skill requests no environment variables or credentials in the registry metadata provided to the evaluator. However, manifest.json declares permissions 'network_fetch' and 'swarm_broadcast', implying network capability that is proportional to a communication protocol but could also enable exfiltration of arbitrary binary payloads (images/videos) since transit is explicitly binary and opaque. The permission claim should be reconciled with the skill's declared requirements before trusting it.
Persistence & Privilege
The skill is not marked 'always' and uses the platform defaults for invocation. That is normal. Still, because the instructions direct agents to load opcode definitions into 'active context' and allow dynamic opcode adoption via 'consensus', the effective privilege (ability to change agent messaging semantics at runtime) is significant. Combined with the manifest's broadcast/network permission, autonomous invocation could increase blast radius—this is worth limiting until the governance and acceptance mechanism are clarified.
What to consider before installing
Do not install this skill without additional verification. Specifically:
(1) The SKILL.md requires parsing a canonical file named 'abl.one' but that file is not present—ask the author for the canonical file and validate its contents before use.
(2) Confirm and, if possible, restrict the manifest's 'network_fetch' and 'swarm_broadcast' permissions; binary-only transit can hide arbitrary payloads and be used for data exfiltration.
(3) Clarify the 'consensus' opcode-evolution mechanism and whether humans or the platform gate acceptance; avoid granting agents authority to automatically accept and load new opcodes.
(4) If you must test, run the skill in a sandboxed agent with no network/broadcast rights and require human-in-the-loop approval for any opcode changes.
If the author cannot reconcile the missing file and the manifest permissions, treat the package as untrusted.
Like a lobster shell, security has layers — review code before you run it.
