Code Pluginsource linked
Agent Protocolv1.0.0
Infrastructure-level routing enforcement for OpenClaw multi-agent systems. Agents must dispatch restricted tools to the correct specialist — enforced at the gateway level, not the prompt level.
Community code plugin. Review compatibility and verification before install.openclaw plugins install clawhub:openclaw-agent-protocolLatest release: v1.0.0Download zip
Capabilities
- Tags
- configSchema
- Yes
- Executes code
- Yes
- HTTP routes
- 0
- Runtime ID
- openclaw-agent-protocol
Compatibility
- Built With Open Claw Version
- 2026.4.10
- Min Gateway Version
- 2026.3.24-beta.2
- Plugin Api Range
- >=2026.3.24-beta.2
- Plugin Sdk Version
- 2026.4.10
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The package implements an agent-level routing/enforcement plugin: it loads a local policy, resolves target agents, blocks or logs tool calls, and records violations to a local SQLite DB. These behaviours align with the described 'agent protocol' purpose; no unrelated credentials or network endpoints are requested.
Instruction Scope
Runtime behaviour is limited to local files and the plugin API: reading ~/.openclaw/hard_stop_policy.json, writing/initializing ~/.openclaw/compliance.db, optionally reading openclaw.json during setup, and copying files into ~/.openclaw/extensions when the setup wizard is run. It inspects tool params (command/path/code/url) to decide/record violations — this is expected, but those params may include sensitive content that will be logged locally.
Install Mechanism
There is no automated install spec in the registry (lowest-risk), but built code is included and a bundled setup wizard (dist/wizard.js) performs local installation by copying files into ~/.openclaw/extensions and initializing a SQLite DB. No remote downloads or external packages are fetched at runtime by the wizard; however runtime imports reference common node packages (better-sqlite3, glob, minimatch) which must be present in the runtime environment.
Credentials
The skill requests no credentials or special env vars beyond HOME and optional DEBUG. It will log snippets of tool parameters (command/path/code/url) into a local compliance DB and debug log file — this is proportionate to audit needs for an enforcer but could record sensitive content locally. No external transmission paths are present in the code.
Persistence & Privilege
The skill does not request always:true and is user-invocable. The included plugin manifest(s) indicate enabledByDefault: true which means it may be active automatically after installation; the setup wizard also writes files into ~/.openclaw/extensions making the plugin persistent for the user. It does not modify other skills' configurations, but there is a minor inconsistency in plugin IDs: code uses id 'openclaw-agent-protocol' while the wizard writes a manifest with id 'agent-routing-enforcer' — this could cause confusion during installation.
Assessment
This plugin appears to do what it says: enforce routing of tool calls and keep a local compliance log. Before installing, review the default policy (~/.openclaw/hard_stop_policy.json or defaults/policy.json) to ensure the routing rules and allowTools list match your expectations. Be aware that blocked calls' parameters (commands, paths, code, URLs) are recorded in a local SQLite DB (~/.openclaw/compliance.db) and an optional debug log; if those parameters could contain secrets, consider controlling access to that DB file or disabling detailed logging. Note the small inconsistency between plugin IDs ('openclaw-agent-protocol' vs 'agent-routing-enforcer') — confirm which ID your gateway will register to avoid duplicate/conflicting installations. Finally, the setup wizard must be run to copy/install the plugin files; it operates locally and does not contact external servers.Verification
- Tier
- source linked
- Scope
- artifact only
- Summary
- Validated package structure and linked the release to source metadata.
- Commit
- *Source Comm
- Tag
- main
- Provenance
- No
- Scan status
- clean
Tags
- latest
- 1.0.0