Vinculum - Shared Consciousness
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it advertises—linking bots through a shared P2P memory relay—but it creates persistent shared context that should only be used with trusted bots.
Install this only if you want multiple Clawdbot instances to share memory and activity. Keep pairing codes private, link only trusted bots, review sharing settings, and stop the relay when you do not want synchronization running.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill will fetch and use Node dependencies needed for the relay and sync logic.
The skill installs npm dependencies as part of setup. This is expected for a Node.js/Gun.js skill, but npm dependency installation is still a supply-chain step users should recognize.
command: "cd $SKILL_DIR && npm install --production"
Install from a trusted source, review package.json/package-lock.json if needed, and avoid running npm install from an untrusted modified copy.
A local network relay may keep running and syncing data until the user stops it.
The relay command launches a detached background Node process. It is documented and has stop/restart controls, but it can continue running after the command returns.
const child = spawn('node', [RELAY_SCRIPT, 'start', String(port)], { detached: true, stdio: 'ignore' ... }); ... child.unref();Start the relay only when needed, check `/link relay status`, and stop it with `/link relay stop` when you no longer want sharing active.
Information or mistakes written by one bot may propagate to other bots and affect later behavior.
The skill intentionally persists and shares bot memory/log context across instances. Shared persistent context can be over-trusted or poisoned by another linked bot.
All drones access the same `MEMORY.md` and daily logs
Only link trusted bots, review shared memories periodically, and disable memory/activity/decision sharing for data you do not want reused across instances.
Anyone who obtains the pairing code can participate in the collective and modify shared memory/activity/decision data.
The artifacts clearly disclose that the pairing code is the access boundary for the shared context. This is purpose-aligned, but it means code leakage or sharing with an untrusted bot grants read/write access.
Anyone with this code can read and write to shared context.
Treat pairing codes like secrets, share them only with trusted Clawdbot instances, and create a new collective if a code may have leaked.