Relay To Agent
Review
Audited by ClawScan on May 10, 2026.
Overview
The relay behavior is mostly disclosed, but the session name is used in file paths without validation, which could let an invocation read or overwrite unexpected local JSON files.
Review this skill before installing. Only use trusted API endpoints and keys, avoid sensitive content, and be especially cautious with custom --session values until the maintainer confines session paths to the intended cache directory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted session name could cause the skill to read from or write to JSON files outside ~/.cache/relay-to-agent/sessions if the path resolves to an accessible location.
The user-provided session ID is placed directly into a path and then used for reads and writes without rejecting path separators or '..' segments.
case '--session': sessionId = args[++i]; ... return join(SESSIONS_DIR, `${agentId}_${sessionId}.json`); ... readFileSync(path, 'utf-8') ... writeFileSync(path, JSON.stringify(trimmed, null, 2));
Reject session IDs containing slashes, backslashes, absolute paths, or '..'; resolve the final path and verify it remains under the sessions directory before any read or write.
Whoever controls the configured endpoint may receive requests authenticated with this API key.
The skill requires an API key for the configured OpenAI-compatible service, which is expected for its relay function.
export RELAY_API_KEY="sk-..." # API key (required)
Use a provider-specific key with the minimum needed permissions and only configure endpoints you trust.
Past conversation content may be retained locally and included in later requests for the same agent and session.
The skill persistently stores conversation history and reuses it for future multi-turn conversations.
Sessions are stored locally at `~/.cache/relay-to-agent/sessions/`. Each agent+session combination keeps up to 50 messages.
Avoid sending secrets, use --reset when starting unrelated tasks, and periodically clear the local session cache if it may contain sensitive content.
Message content and conversation history leave the local machine and are processed by the configured AI service.
The script sends the current message and retained session messages to the configured external agent endpoint.
const baseURL = process.env.RELAY_BASE_URL || config.baseUrl; ... const client = new OpenAIClient({ apiKey, baseUrl: baseURL }); ... client.createChatCompletion({ model, messages });
Confirm the configured base URL and agent list before use, and do not relay private data to providers you have not approved.
