ClawHub

Communication Protocol

v1.0.0

Defines how the OpenClaw agent should communicate with Tidy during a build session, ensuring clear, predictable, and build-focused interactions.

0· 169·0 current·0 all-time
byAnas Dweik@dweikanas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes a communication protocol between OpenClaw and Tidy and all required pieces in the file (transport headers, event types, step ids) match that stated purpose. It does not request unrelated binaries, cloud credentials, or filesystem access.
Instruction Scope
The instructions are narrowly scoped to parsing Tidy transport headers, emitting structured events, and producing concise user-facing text. They do not instruct the agent to read arbitrary files, call external endpoints beyond the assumed Tidy transport, or exfiltrate data. The agent is explicitly told not to echo wrapper headers or narrate internal orchestration.
Install Mechanism
There is no install spec and no code files, so nothing is written to disk or fetched at install time. This is the lowest-risk form of skill packaging and is appropriate for a protocol specification.
Credentials
The SKILL.md lists environment variables that will be passed into each turn (TIDY_BUILD_ID, TIDY_BUILD_PROMPT, TIDY_SESSION_ID) but the registry metadata shows no required env vars — this is consistent with those being runtime inputs provided by the backend rather than secrets requested from the user. The skill does not ask for credentials or other sensitive env vars.
Persistence & Privilege
always is false and the skill does not request or imply system-wide persistence or modification of other skills. Default autonomous invocation is allowed (platform normal) and is not combined with other red flags.
Assessment
This skill is an instruction-only protocol definition and appears coherent and low-risk: it asks the agent to parse Tidy headers and emit structured events, and it does not request installs or credentials. Two practical cautions: (1) the skill source is listed as unknown and there is no homepage — if you do not trust the registry owner or the environment where the agent will run, exercise caution before enabling it; (2) the skill relies on runtime inputs (TIDY_BUILD_ID, TIDY_BUILD_PROMPT, TIDY_SESSION_ID) and will produce structured events that the backend (Tidy) will record—confirm you are comfortable with those build prompts and session IDs being logged/processed by the backend. If you want extra assurance, ask the publisher for provenance (source repo or homepage) or request that the registry metadata declare the expected runtime env vars explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bf2n98sbg3szhvakrcgsm7h82z08s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments