Channel Management
v1.0.0Manage multiple communication channels, admin identity recognition, and primary channel configuration
⭐ 0· 96·2 current·2 all-time
byMonty@montycn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the actual behavior: identifying admin/trusted contacts and managing a primary channel. It reads and writes files in the user's home (~/primary-channel.json and ~/trusted-contacts.json) and references ~/workers-registry.json for Worker identification — the latter file is not declared in the registry metadata but is plausibly part of the agent runtime.
Instruction Scope
SKILL.md explicitly instructs the agent to read and atomically update JSON files in the user's home and to use the built-in message tool for notifications. Those actions are within the skill's scope, but they do mean the agent will execute jq-based shell commands and read files that may contain potentially sensitive runtime data (e.g., workers-registry.json). The skill also instructs to 'silently ignore' unknown senders and to never share secrets — the policy is explicit.
Install Mechanism
This is an instruction-only skill with no install spec. The included shell script is small, self-contained, and stored under scripts/. No downloads or external installers are used.
Credentials
No environment variables or external credentials are requested, which is proportional. One operational omission: the instructions and scripts rely on jq being available but the skill metadata does not declare jq as a required binary; ensure jq is present in the execution environment before relying on atomic JSON updates.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It reads/writes files in the user's home and does not modify other skills or system-wide configuration.
Assessment
This skill appears to do what it claims: manage a primary notification channel and maintain a trusted-contacts list. Before installing, verify the following: (1) inspect scripts/manage-primary-channel.sh yourself (it's short and readable) and confirm you are comfortable with it writing ~/primary-channel.json; (2) confirm jq is available in your agent environment (the SKILL.md and provided commands use jq for atomic edits); (3) check the contents and permissions of ~/workers-registry.json (if present) and ~/trusted-contacts.json because the skill will read/update these files — ensure they do not contain secrets you wouldn't want an agent to access; (4) remember the agent may be allowed to invoke the skill autonomously (this skill is not always:true, but model invocation is enabled by default) so limit which agents/users can trigger admin actions and review audit/logging for changes to the JSON files. If any of these points are unacceptable, review or modify the skill files before enabling it.Like a lobster shell, security has layers — review code before you run it.
latestvk9759hxe0scpdw6keny1epwpwd8396a8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.