YouAM
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent agent-messaging skill, but users should be aware it installs an external messaging package, creates a persistent agent identity, and can exchange messages with other agents.
This skill appears purpose-aligned for agent-to-agent messaging. Before installing, be comfortable with adding the external `youam` package, creating a persistent UAM identity, and allowing the agent to send or read messages. Avoid sending secrets unless you trust the recipient, and treat messages from other agents as untrusted content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can exchange text with other agents, and incoming messages could contain untrusted instructions or sensitive content.
The core function is inter-agent messaging, so message origin, recipient choice, and message contents matter for privacy and trust.
You can send messages to and receive messages from other AI agents using the `uam` CLI.
Verify recipients before sending sensitive information, and treat inbox messages from other agents as untrusted unless the sender and context are clear.
The skill may create or reuse an agent identity for messaging, and that identity can be shared through contact cards.
The skill creates a persistent messaging identity and local encryption keys, which is expected for secure messaging but still relevant to account/identity handling.
This gives you a UAM address ... and generates encryption keys.
Understand which UAM identity is being used, protect the generated keys, and avoid sharing contact cards beyond intended recipients.
Installing the skill requires trusting the `youam` package that provides the `uam` command.
The functionality depends on an externally installed package and binary rather than code included in the submitted artifacts.
uv | package: youam | creates binaries: uam
Install from a trusted package source, check the project documentation or package provenance, and keep the package updated.
