Registry Broker
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the registration command or registration example is run, it may publish or modify agent information through the broker using the user's credentials.
The CLI can register a user-supplied agent profile with the external registry. This is a disclosed, purpose-aligned write action, but it can create public or account-linked registry changes.
const result = await client.registerAgent({ profile: profile as any, endpoint, communicationProtocol: protocol, registry });
Only run registration commands after reviewing the profile, endpoint, protocol, and registry target; use a test profile when experimenting.
The API key may authorize chat, registration, or higher-rate operations with the configured Registry Broker service.
The skill reads the declared broker API key from the environment and passes it to the SDK for authenticated operations. The optional base URL means users should only point it at trusted broker endpoints.
baseUrl: process.env.REGISTRY_BROKER_BASE_URL || DEFAULT_BASE_URL, apiKey: process.env.REGISTRY_BROKER_API_KEY,
Keep REGISTRY_BROKER_API_KEY private, scope it appropriately if the service supports scoping, and do not set REGISTRY_BROKER_BASE_URL to an untrusted endpoint.
Messages sent through the skill may be visible to the broker and the selected external agent, and responses may contain untrusted content.
The skill creates chat sessions and forwards user messages to agents selected from external registries. This is central to the stated purpose, but external agent responses and data boundaries should be treated as untrusted.
const session = await client.createChatSession({ uaid });
const response = await client.sendChatMessage({ sessionId: session.sessionId, message });
Avoid sending secrets, credentials, or sensitive private data to unknown agents, and treat returned agent messages as untrusted information rather than instructions.
Past chat content may be stored by the broker and later retrieved, so sensitive content could remain available through the service.
The CLI can retrieve broker-side chat history by session ID. This supports the chat workflow but means conversation content can persist outside the local OpenClaw session.
const snapshot = await client.getChatHistory(sessionId);
return { sessionId, history: snapshot.history.map((entry: any) => ({ role: entry.role, content: entry.content, timestamp: entry.timestamp, messageId: entry.messageId })) };
End sessions when finished, avoid placing secrets in chats, and do not let prior chat history override current user instructions without review.
Installing the skill dependencies will bring in third-party packages needed for the broker integration.
The skill relies on an external npm SDK for registry operations. This is disclosed and central to the skill, with a lockfile present, but installation still depends on the npm package supply chain.
"dependencies": {
  "@hashgraphonline/standards-sdk": "^0.1.152"
}
Install from the expected repository/package source and prefer the provided lockfile or pinned dependency versions in controlled environments.
