ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Comm Protocol

v1.0.0

Standard protocol for reliable task dispatch, status reporting, and result feedback with confirmation, retry, and logging between agents.

0· 62·1 current·1 all-time
by@nancliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (agent communication protocol) matches the SKILL.md content: message formats, timeouts, retries and flows. The declared requirements are empty, which mostly fits an instruction-only protocol, but the skill prescribes a specific filesystem path for logs (/root/.openclaw/agents/{agent_id}/communications/{date}.md) that was not declared in required config paths — this is an unexpected capability for a purely protocol document.
!
Instruction Scope
SKILL.md instructs agents to record all communications to a specific path under /root and prescribes timeouts/retries and message formats. The instructions do not describe network endpoints or how messages are transmitted, but they explicitly require reading/writing a system path. Referencing a root-owned path without declaring it expands scope beyond a passive protocol definition and could require elevated file access.
Install Mechanism
There is no install spec and no code files; this is instruction-only so nothing will be written to disk by an installer. That lowers installation risk.
Credentials
The skill declares no environment variables or credentials, which is consistent with a messaging protocol. However, the explicit log path under /root implies filesystem write access that may require elevated privileges; the skill did not declare this access or any alternative configurable path.
Persistence & Privilege
The skill does not request persistent/autonomous privileges (always:false). It does instruct writing persistent logs to a system path, which grants it ongoing presence in the filesystem if followed — this is not declared and could persist sensitive data under /root.
What to consider before installing
This is an instruction-only skill that defines message formats and retry rules for agent-to-agent communication. Before installing: (1) note the SKILL.md tells agents to write all communication logs to /root/.openclaw/agents/… — that path may require root privileges and was not declared; ask the author why that path is required and request a configurable, less-privileged location (e.g., under the agent's own data directory). (2) Because there is no code and no network endpoints listed, it likely won't exfiltrate data directly, but any agent following these instructions could create persistent files under root. (3) If you plan to use this, restrict which agents can invoke it, review where logs will be stored, and prefer running under an account with minimal privileges. If the author cannot explain or remove the /root path, treat the skill as risky and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b6qjy6gaj8dmfp28dd11dds83ch03

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments