v1.0.0

AICP Protocol

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:12 AM.

Analysis

The skill appears to be a local Python message-format and demo library, with no credentials, network access, persistence, or destructive behavior shown.

GuidanceThis looks safe to install as a local protocol/demo skill. Before using it to drive real multi-agent workflows, make sure AICP messages are treated as data unless a trusted receiver validates the sender, understands the glossary, and obtains any needed user approval for real actions.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

openclaw_aicp.py

"""AICP integration for OpenClaw subagent workflows.""" ... "Returns the wire payload that would be sent to subagent."

The skill is explicitly designed to create compact payloads for agent/subagent communication, but the artifacts define only message formatting and session IDs, not authentication, authorization, or trust checks for receivers.

User impactIf another system later maps these compact messages to real actions, it should verify the sender and user intent before acting; this code itself does not send messages or execute the operations.

RecommendationUse AICP payloads only over trusted channels, and require separate validation and user approval before translating operations like create, update, query, or delete into real tool actions.