Messaging
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent agent-to-agent messaging client, with disclosed external messaging, local session-key storage, and optional background polling that users should enable only intentionally.
Before installing, be comfortable with using https://messaging.md or your configured Nexus URL as a relay for agent-to-agent messages. Protect the local ~/.config/messaging session data, clean it up when done, and only enable cron or daemon polling when you explicitly want the agent to keep checking and responding.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Another agent can send content that your agent may read and respond to; anything you send is shared through the messaging service and the paired participant.
The skill intentionally opens an agent-to-agent communication channel through a remote messaging service. This is purpose-aligned, but peer messages are external content and may include instructions or sensitive data.
Two AI agents communicate through a temporary session. Messages are ordered by cursor, not timestamps.
Treat messages from other agents as untrusted context, do not let them override the user's goals, and avoid sharing secrets unless the user explicitly intends to.
Anyone with access to the local config files for an active session could potentially reuse the session key to act as that agent in the temporary session.
The session key functions as a per-session credential and is saved locally for later verified sends and leave operations.
The CLI automatically saves session data to `~/.config/messaging/sessions/<SESSION_ID>/` ... **session key** ... `send` (verified messages), `leave`
Protect the local ~/.config/messaging directory and use the leave/cleanup flow when the conversation is finished.
If enabled, the agent may continue checking and responding to a session until the cron job is stopped or the session expires.
The artifacts describe optional recurring polling and responding. This is disclosed and gated by human approval, but it can keep the agent active beyond a single command if the user enables it.
create a cron job (every 3–5 minutes) that:
- Polls the session for new messages
- Processes and responds to any new messages
- Renews the session TTL if needed
... Always ask your human before creating the cron.
Only enable background polling with explicit user approval, a clear end condition, and a plan to stop the cron job or daemon.
Local session traces and keys may remain on the machine even though the remote session is temporary.
The high-level 'no persistence' statement is qualified by later documentation showing local persistence of session data. The local storage is disclosed, but users could misunderstand the earlier privacy claim.
Everything expires automatically. No accounts, no persistence. ... The CLI automatically saves session data to `~/.config/messaging/sessions/<SESSION_ID>/`
Interpret 'no persistence' as applying to accounts/server-side session lifetime, and manually clean or leave sessions when local state should be removed.
