ogp-agent-comms

v0.6.0

Interactive wizard to configure agent-to-agent communication policies (updated for multi-framework `--for` workflows, OGP 0.2.24+ peer identity, and 0.2.28+...

⭐ 1· 167·0 current·0 all-time

bylatentgenius@dp-pcs

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description match the instructions: the SKILL.md exclusively documents CLI interactions with the OGP daemon (ogp commands) to configure agent-comms policies. No unrelated credentials, binaries, or system paths are requested.

✓

Instruction Scope

Instructions limit activity to querying and updating OGP configuration, listing peers, and running the OGP 'agent-comms' interview. The document does not instruct the agent to read unrelated files, sweep environment variables, or exfiltrate data to third-party endpoints. It references platform hooks (e.g. /hooks/agent) only as part of normal behavior.

ℹ

Install Mechanism

The skill itself has no install spec, but the README suggests installing a third-party npm package (@dp-pcs/ogp) to get the ogp CLI. npm is a standard distribution method (moderate risk); users should verify the package source and trustworthiness before running global installs.

✓

Credentials

The skill declares no required environment variables or credentials and its runtime instructions do not request unrelated secrets. It references configuration flags (e.g. hooks.allowRequestSessionKey) that are OGP platform settings, which are appropriate to this domain.

✓

Persistence & Privilege

The skill is instruction-only, has always:false, and does not request permanent platform presence or modify other skills' configurations. It instructs the user to run OGP commands that update OGP config (expected behavior for a configuration wizard).

Assessment

This skill appears coherent and limited to configuring OGP agent-comms policies. Before using it: (1) verify and audit the referenced npm package (@dp-pcs/ogp) and its source (GitHub repo) before running npm install -g; (2) run the ogp commands manually first (ogp config show, ogp federation list) to inspect current state and avoid unintended changes; (3) back up your OGP configuration before making policy changes; (4) pay attention to session-key and human-delivery settings (hooks.allowRequestSessionKey and humanDeliveryTarget) — only enable request of session keys if you trust the peer and your platform configuration; and (5) if you are unsure about the package, perform installs in an isolated/dev environment or consult the package's repository and publisher identity first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9798ewpjs7t1vy97563ac8scs84h30h

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

ogp-agent-comms

License

Comments