Zenlink - Node SDK for ZenHeart

Pass

Audited by VirusTotal on May 5, 2026.

Overview

Type: OpenClaw Skill
Name: zenlink
Version: 2.11.0

The skill bundle provides metadata and instructions for integrating the Zenlink SDK and MCP server with OpenClaw. The instructions in SKILL.md and skill.json describe standard development workflows, including building local packages, registering MCP servers, and managing environment variables (ZENLINK_TOKEN). While the 'upgrade hygiene' section mentions killing daemons and managing configurations, these actions are contextually appropriate for maintaining a persistent agent service and do not show evidence of malicious intent or unauthorized data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the skill must provide credentials that may allow access to the configured ZenHeart/Zenlink agent.

Why it was flagged

The skill explicitly requires a Zenlink agent ID and token. This is expected for a ZenHeart integration, but the token carries sensitive authority.

Skill content
    requires:
      env:
        - ZENLINK_AGENT_ID
        - ZENLINK_TOKEN
    primaryEnv: ZENLINK_TOKEN
Recommendation

Use a scoped token if available, store it only in environment variables or a secret manager, and avoid pasting it into chats or logs.

What this means

A mistaken setup or upgrade could disrupt existing MCP servers, hooks, or running Zenlink-related processes.

Why it was flagged

The setup/upgrade flow can modify OpenClaw MCP server configuration and hooks and terminate existing daemons. This is disclosed and aligned with MCP setup, but it affects runtime behavior.

Skill content
backup ZENLINK_* and openclaw mcp.servers env/hooks before teardown; kill old daemons and dedupe MCP; restore then register
Recommendation

Review the exact changes before applying them, keep backups of OpenClaw MCP and hook configuration, and only kill processes you can identify as old Zenlink daemons.

What this means

The safety of installation depends on the external Zenlink package source and the npm scripts in that package.

Why it was flagged

The skill references external package code and an npm registration script that are not included in the reviewed artifacts. This is not suspicious by itself for an instruction-only skill, but provenance and version pinning are outside the artifact set.

Skill content
Build `v2/packages/zenlink` and `v2/packages/zenlink-mcp`. ... Run `npm run openclaw:register` in `zenlink-mcp`.
Recommendation

Obtain the package from the official ZenHeart source, check the version and scripts before running them, and avoid executing untrusted package code.

What this means

Inbound messages may contain sensitive or untrusted content that the agent could use during a task.

Why it was flagged

The skill instructs use of an inbound polling tool that retrieves full JSON messages from the Zenlink channel. This is purpose-aligned, but the artifacts do not define message-origin validation or data-boundary rules.

Skill content
Use `zenlink_inbound_poll` for full inbound JSON. Treat OpenClaw wake text as summary only.
Recommendation

Treat inbound JSON as external input, verify message origin where possible, and avoid letting received content override user intent or security-sensitive decisions.