v1.2.0

Vinculum - Shared Consciousness

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

Vinculum appears to be a coherent shared-memory relay skill, but users should only link trusted bots because it intentionally shares agent memory, decisions, and activity over a network and can run a local relay in the background.

Guidance

Install only if you want multiple Clawdbot instances to share persistent context. Keep pairing codes private, connect only trusted peers, avoid putting secrets in shared memory, and stop the relay when you do not need network sync.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
scripts/commands/relay.js
const child = spawn('node', [RELAY_SCRIPT, 'start', String(port)], {

The skill launches a bundled Node relay script. The script path is fixed and this behavior is documented, but it is still local process execution.

User impact: Starting the relay runs additional local Node code as the current user.
Recommendation: Install from a trusted source and start the relay only when you intend to enable sync.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
scripts/commands/relay.js
detached: true, stdio: 'ignore', ... child.unref();

The relay is deliberately detached so it can keep running after the start command returns.

User impact: The relay service may continue running and listening on the configured port until it is stopped.
Recommendation: Check relay status with `/link relay status` and stop it with `/link relay stop` when sync is not needed.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
command: "cd $SKILL_DIR && npm install --production"

The skill installs Node dependencies to function. This is expected for the Gun.js relay, but users should recognize that npm packages are part of the trusted artifact set.

User impact: Installing the skill also installs its declared npm dependencies.
Recommendation: Review the package files and install from the expected repository before enabling the relay.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/commands/init.js
Anyone with this code can read and write to shared context.

The invite/pairing code functions as an access secret for the shared collective and grants both read and write authority.

User impact: Anyone who receives or obtains the pairing code can join the collective and modify shared memory or decisions.
Recommendation: Treat pairing codes like secrets, share them only with trusted bot instances, and leave or recreate the collective if a code is exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Activity summaries | ✅ ... Learned knowledge | ✅ ... Decisions | ✅ ... Drone status | ✅

The skill intentionally shares persistent agent context and decisions across linked bots, which is its core purpose but also means shared content can influence future agent behavior.

User impact: Information or bad assumptions shared by one linked bot may be reused by other bots in the collective.
Recommendation: Use the collective only with trusted bots, avoid sharing secrets, and disable activity, memory, or decision sharing when not needed.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
scripts/commands/relay.js
if (!url || !url.startsWith('http')) { ... } ... peers.push(url);

The peer command accepts any HTTP/HTTPS peer URL, so configured sync can extend beyond localhost or a LAN if the user adds such a peer.

User impact: Shared context may be sent to any configured relay peer, including non-local peers if the user adds them.
Recommendation: Add only trusted peer URLs, prefer local or controlled relays, and use firewall/network controls for the relay port.