Agent Network
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill mostly matches a local multi-agent chat system, but weak group/identity boundaries and vote-integrity issues need review before use.
Use this only in trusted local experiments unless you add authentication, group-membership checks, vote-count fixes, and retention controls. Do not put confidential data or adversarial agents into it without those safeguards.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages intended for one group could be delivered to unrelated registered agents or handlers, exposing task, decision, or chat content.
Group-message routing sets should_notify for every registered handler when msg.group_id is present, without checking whether that agent is actually a member of the group.
for agent_id, handlers in self.message_handlers.items(): ... elif msg.group_id:
# 群组消息 - 通知所有在线的群组成员
should_notify = True
if should_notify:
handlers_to_call.extend(handlers)Enforce GroupManager.is_member before routing group messages, and document exactly which agents can receive each message type.
In a multi-agent setup, one caller could impersonate another agent, send messages, assign work, or influence votes if it can call the library with that ID.
An existing numeric agent ID is enough to register an agent session and send messages as that agent; no token, signature, owner check, or other authentication is shown.
def register_agent(self, agent_id: int, message_handler: Optional[Callable] = None) -> bool: ... AgentManager.go_online(agent_id) ... self.sessions[agent_id] = session
...
if from_agent_id not in self.sessions:
print(f"[协调器] Agent {from_agent_id} 未注册")Treat this as a trusted local coordination library only, or add authenticated sessions, per-agent credentials, and authorization checks for group, task, and voting operations.
Automated workflows or agents may act on incorrect approval/rejection counts, causing bad decisions to propagate through tasks or deployments built on top of this system.
When an existing vote is updated, the aggregate vote counters are still incremented instead of recalculated or adjusted, so repeated vote changes can inflate decision results.
if existing:
# 更新投票
db.execute("UPDATE decision_votes SET vote = ?, comment = ? WHERE id = ?", ...)
...
if vote == 'for':
db.execute("UPDATE decisions SET votes_for = votes_for + 1 WHERE id = ?", ...)Recompute vote totals from decision_votes after each vote, or adjust counters by removing the previous vote before adding the new one.
Old or poisoned messages, tasks, and decisions may be reused later, and confidential chat content may remain on disk.
The package creates and initializes a persistent local SQLite database on import, so chat/task/decision state can remain available across sessions.
def __init__(self, db_path: str = "data/agent_network.db"):
self.db_path = db_path
os.makedirs(os.path.dirname(db_path), exist_ok=True)
self.init_database()
...
db = Database()Avoid storing secrets, define retention/cleanup practices, and validate stored messages before using them to drive future agent actions.
If users connect handlers to webhooks, deployments, or other tools, chat messages could trigger actions without a separate human approval step.
Registered message handlers run asynchronously when messages are routed. This is expected for a collaboration system, but any privileged handler would be triggered by message flow.
# 异步调用处理器
for handler in handlers_to_call:
threading.Thread(target=handler, args=(msg.to_dict(),), daemon=True).start()Require explicit approvals, input validation, and rate limits for handlers that perform external or high-impact actions.
Users have less external assurance about who maintains the code or where to verify updates.
The artifacts provide no upstream source or homepage for provenance verification, though they also do not show a remote installer or download step.
Source: unknown Homepage: none Install specifications: No install spec — this is an instruction-only skill.
Review the bundled code before use and prefer a version with a clear repository, changelog, and maintainer provenance.