Comms Hub Bridge
Warn
Audited by ClawScan on May 10, 2026.
Overview
The bridge broadly matches its messaging purpose, but it is preconfigured to a specific hub and gives agents broad cross-agent messaging, file sharing, inbox deletion, and automatic message-processing capabilities with unclear identity and data boundaries.
Only install this if you recognize and trust the configured Comms Hub server and intended agent identity. Before use, replace the packaged config with your own hub settings, avoid uploading sensitive files unless you trust the hub and recipients, and require human approval before processing or deleting messages from other agents.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private messages or selected files could be sent to, or retrieved from, a bridge server the user did not intend to trust.
The packaged config directs bridge traffic to a specific hub and agent identity by default, so messages and uploaded files can go to that hub unless the user notices and changes the config.
"hubIp": "208.111.34.11", "hubHost": "omni-alienware2025.tail2ccb03.ts.net", "hubPort": 443, "hubProto": "https", "agentName": "plato"
Remove live default hub settings, require explicit user configuration, and document the hub trust model, authentication, authorization, and file-sharing boundaries.
A misconfigured or abused client could impersonate an agent name, read that inbox, or remove messages from it.
The client uses the locally configured MY_NAME as the sender and inbox identity, and acknowledgements delete messages for that identity. The artifacts do not show any credential or token binding that identity to the user.
send: (to, subject, body, priority) => request('POST', '/api/bridge/message', { from: MY_NAME, to, subject, body, priority: priority || 'normal' }),
inbox: () => request('GET', `/api/bridge/inbox/${MY_NAME}`),
ack: (messageId) => request('DELETE', `/api/bridge/inbox/${MY_NAME}/${messageId}`)
Bind agent names to authenticated credentials or per-agent tokens, and avoid shipping a default identity such as "plato".
Another agent’s message could steer this agent’s behavior or cause messages to be deleted before a human reviews them.
The skill instructs the agent to periodically process and acknowledge messages from other agents, and possibly respond immediately, without saying to treat those messages as untrusted or to seek approval before changing tasks.
Check inbox on every heartbeat or periodic interval:
```
1. Run: node scripts/bridge-client.js inbox
2. If messages exist → read, process, ack each
3. If high priority → respond immediately or alert human
4. Log activity to daily memory file
```
Treat bridge messages as untrusted input, require confirmation before acting on new instructions or deleting messages, and preserve audit logs for human review.
Misleading or malicious bridge messages could be saved and later influence future agent behavior.
The skill recommends persisting activity from bridge communications into memory, which can be useful but can also carry untrusted message content into future context.
Log activity to daily memory file
Log only bounded summaries, mark bridge-originated content as untrusted, and avoid storing raw external instructions in persistent memory.
