中文 集体聊天系统
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for a private agent chat system, but it manages persistent cross-agent files and automatic recovery actions without clear trust, scope, or approval boundaries.
Install only if you intentionally run the specific Axioma Stellaris/Merlin environment and trust every agent or process with access to the shared folders. Before using it, add permissions, backups, identity checks, and explicit approval for wake, notify, backup-restore, and cross-agent journal actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any agent or process with access to those files could alter the chat or queue and potentially steer other agents that trust the shared records.
The skill defines inter-agent communication through shared local files, but the artifacts do not define agent identity checks, message provenance, permissions, or boundaries for who may read or write the shared state.
代理间通信 | 使用集体聊天 ... COLLECTIVE_CHAT.md └─ 共享聊天记录 ... collective_queue.json └─ 队列顺序
Use only in a trusted, access-controlled workspace; add clear identity/provenance checks, file permissions, and human approval before acting on cross-agent messages.
Persistent messages or journals could carry incorrect or hostile instructions into later agent sessions if they are reused as trusted context.
The skill relies on persistent shared chat history and agent journals, but does not specify retention, sanitization, trust rules, or whether agents should treat the contents as untrusted data.
📓 <agent>-journal.md └─ 各代理的个人日记 ... 读取记录 | 查看历史消息
Treat shared chat and journal contents as untrusted; define retention, review, sanitization, and explicit rules preventing stored messages from overriding user instructions.
The agent could take operational actions affecting other agents or people when a queue condition is met, even if the user did not explicitly approve that action.
The auto-heal flow goes beyond reading or writing chat by directing health checks, writing to another agent's journal, attempting to wake another agent, and notifying a person without clear approval or containment.
如果 > 2 cycles (> 1h): - openclaw health - 如果 Morgana 宕机: - 在她的 AMIMOUR 日记中写入 - 尝试唤醒 - 如果仍然宕机 → 通知 Alexandre
Require explicit user confirmation for health checks, wake attempts, cross-agent journal writes, backup restores, and notifications; document exact commands and limits.
If installed outside the intended Merlin environment, the agent may impersonate or misattribute messages to Merlin.
The skill instructs the agent to write as a specific persona, Merlin. That may be intended for this cluster, but it should be noticed because it can make a generic installed agent speak as a named agent.
写入 COLLECTIVE_CHAT.md(第一人称) ... 我是 Merlin,高等伦理应用大师。
Clarify that the skill is only for the intended Merlin/Axioma environment, or parameterize the agent identity instead of hard-coding it.