@openclaw/interchange

Pass

Audited by ClawScan on May 1, 2026.

Overview

This looks like a legitimate local Markdown sharing library, with normal caveats that it can read/write local files and maintain shared workspace indexes.

Before installing, make sure consuming skills only use this library on trusted Markdown files inside a dedicated OpenClaw interchange directory. Do not place secrets in the shared workspace, and review any higher-level skill that calls these read/write functions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A consuming skill that passes an unsafe path could read or overwrite files outside the intended interchange workspace, limited by the process's filesystem permissions.

Why it was flagged

The low-level writer uses whatever filePath the caller supplies and creates parent directories. That is purpose-aligned for a file I/O library, but callers need to constrain paths themselves.

Skill content

export function atomicWrite(filePath, data) {
  fs.mkdirSync(path.dirname(filePath), { recursive: true });
  const tmp = `${filePath}.tmp.${process.pid}.${Date.now()}`;
  ...
  fs.renameSync(tmp, filePath);
}

Recommendation

Use this library only through trusted callers, normalize paths, and restrict writes/reads to a dedicated interchange root and expected .md files.

What this means

Private or untrusted content placed in the interchange workspace may be read, indexed, or reused by other skills that rely on these files.

Why it was flagged

The indexer maintains and scans a persistent shared Markdown workspace under the user's home directory by default. This is expected for an interchange library, but it means shared files can become reusable agent context.

Skill content

const INTERCHANGE_ROOT = path.resolve(
  process.env.INTERCHANGE_ROOT ||
  path.join(process.env.HOME || '/tmp', '.openclaw', 'workspace', 'interchange')
);
...
return walkDir(root).filter(f => {
  if (!f.endsWith('.md')) return false;
  ...
});

Recommendation

Keep INTERCHANGE_ROOT dedicated to OpenClaw interchange data, avoid storing secrets there, and treat shared Markdown content as data that other skills may consume.