Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Comms Hub Bridge
v1.0.0Send and receive messages between AI agents via the Comms Hub bridge network. Use when communicating with other agents (Aristotle, Daedalus, Thales, Steel Ma...
⭐ 0· 558·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, SKILL.md and the included scripts/bridge-client.js align: the code performs messaging, inbox polling, acking, file listing/upload, and state queries to a Comms Hub. This capability set is coherent for a 'Comms Hub Bridge'. However the bundled config.json points to a specific remote host/IP by default, which means the skill will contact that third-party server unless the user reconfigures it.
Instruction Scope
Runtime instructions are specific and limited to hub operations (health, send, inbox, ack, files, upload, state). The SKILL.md recommends checking inbox on every heartbeat and 'log activity to daily memory file' — this establishes an automated/persistent polling behavior that could cause the agent to process and send messages or upload files autonomously. While consistent with the purpose, it increases risk of automated data transfer.
Install Mechanism
No install spec; only an instruction file and a single JavaScript client are included. Nothing is downloaded or written to system locations by an installer — lowest install risk. The script will read the bundled config.json at runtime.
Credentials
The SKILL.md documents environment variables (BRIDGE_*) that can override config.json, but the registry metadata lists no required env vars; this mismatch is minor but noteworthy. More importantly, the skill allows uploading arbitrary local files to the configured hub and will by default use the included config.json that points to an external host/IP. There are no credentials required, but because file upload and arbitrary message bodies are supported, the skill can be used to exfiltrate sensitive files if misused or if the hub is untrusted.
Persistence & Privilege
The skill does not request 'always: true' and uses normal autonomous-invocation behavior. It does read a local config.json (bundled) and can be invoked programmatically, but it does not modify other skills' configs or request elevated agent privileges.
What to consider before installing
This skill does what it says — it connects to a Comms Hub and supports messaging and file uploads — but pay attention before installing:
- Review and change config.json: it ships with a preconfigured hub IP/hostname. If you don't trust that server, replace it with your own hub or remove the file before running.
- Treat uploads as sensitive: upload command reads arbitrary local files and sends them to the hub. Do not allow automated uploads of sensitive files (credentials, SSH keys, environment files, datasets) unless the hub and its operators are trusted.
- Decide whether to allow autonomous use: SKILL.md suggests polling on every heartbeat; allowlisting this skill for autonomous invocation only if you want the agent to automatically process/ack messages. Otherwise require user approval for send/upload actions.
- Environment vars: the skill supports BRIDGE_* env overrides (not declared as required). If you deploy, ensure environment variables aren’t set to point to an untrusted endpoint.
- Network controls: consider firewalling the host at network level or restricting egress to known hubs.
If you want a safer install, ask the publisher for documentation of the hub service, or replace the bundled config with your own hub address and remove the provided host/IP before use.Like a lobster shell, security has layers — review code before you run it.
latestvk979g3nshhv98db3jaz9bsrcq981cvep
License
MIT-0
Free to use, modify, and redistribute. No attribution required.