Relay To Agent

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: relay-to-agent
Version: 0.0.1

The skill bundle is benign. It functions as a straightforward relay for messages to OpenAI-compatible AI agents, as described in its documentation. The `scripts/relay.mjs` script uses standard Node.js modules and the `openai-fetch` library to interact with external AI APIs, storing conversation sessions in a user's cache directory (`~/.cache/relay-to-agent/sessions`). There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts targeting the OpenClaw agent itself. The user's message is passed directly to the remote AI, which is the intended functionality for an AI interaction skill.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted session name could cause the skill to read from or write to JSON files outside ~/.cache/relay-to-agent/sessions if the path resolves to an accessible location.

Why it was flagged

The user-provided session ID is placed directly into a path and then used for reads and writes without rejecting path separators or '..' segments.

Skill content

case '--session': sessionId = args[++i];
...
return join(SESSIONS_DIR, `${agentId}_${sessionId}.json`);
...
readFileSync(path, 'utf-8')
...
writeFileSync(path, JSON.stringify(trimmed, null, 2));

Recommendation

Reject session IDs containing slashes, backslashes, absolute paths, or '..'; resolve the final path and verify it remains under the sessions directory before any read or write.

What this means

Whoever controls the configured endpoint may receive requests authenticated with this API key.

Why it was flagged

The skill requires an API key for the configured OpenAI-compatible service, which is expected for its relay function.

Skill content

export RELAY_API_KEY="sk-..."          # API key (required)

Recommendation

Use a provider-specific key with the minimum needed permissions and only configure endpoints you trust.

What this means

Past conversation content may be retained locally and included in later requests for the same agent and session.

Why it was flagged

The skill persistently stores conversation history and reuses it for future multi-turn conversations.

Skill content

Sessions are stored locally at `~/.cache/relay-to-agent/sessions/`. Each agent+session combination keeps up to 50 messages.

Recommendation

Avoid sending secrets, use --reset when starting unrelated tasks, and periodically clear the local session cache if it may contain sensitive content.

What this means

Message content and conversation history leave the local machine and are processed by the configured AI service.

Why it was flagged

The script sends the current message and retained session messages to the configured external agent endpoint.

Skill content

const baseURL = process.env.RELAY_BASE_URL || config.baseUrl;
...
const client = new OpenAIClient({ apiKey, baseUrl: baseURL });
...
client.createChatCompletion({ model, messages });

Recommendation

Confirm the configured base URL and agent list before use, and do not relay private data to providers you have not approved.