Triumvirate Protocol
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its multi-AI debate purpose, but it should be reviewed because it reads local OpenClaw auth-profile tokens and sends identity/debate context to external AI providers without declaring those permissions in metadata.
Review this before installing. It appears designed for legitimate multi-model debates, but you should verify which OpenClaw auth profiles it will use, avoid sensitive identity data unless you trust the selected providers, and prefer a version that declares its credential/config requirements and avoids putting API tokens in command-line arguments.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the tool may use local Google, xAI, or OpenAI credentials that the skill did not clearly declare, potentially causing API usage or account activity under those profiles.
The code reads provider tokens from the main OpenClaw auth-profile store using hard-coded profile names. That credential access is not reflected in the supplied metadata, which declares no primary credential, env vars, or required config paths.
AUTH_PROFILES = Path.home() / ".openclaw" / "agents" / "main" / "agent" / "auth-profiles.json" ... return {"google": profiles.get("google:vegard", {}).get("token", ""), "xai": profiles.get("xai:vegard", {}).get("token", ""), "openai": profiles.get("openai:vegard", {}).get("token", "")}Declare the credential/config requirements, let the user choose which provider profiles to use, and require explicit confirmation before using stored tokens.
An xAI API token could be exposed locally while the request is running, depending on the operating system and monitoring tools.
The xAI bearer token is placed directly in a local `curl` command-line argument. On some systems, process arguments can be visible to other local processes or logs, weakening credential containment.
subprocess.run(["curl", "-s", "--max-time", "120", "https://api.x.ai/v1/chat/completions", "-H", "Content-Type: application/json", "-H", f"Authorization: Bearer {api_key}", "-d", payload], ...)Use a native HTTP client or another method that does not place bearer tokens in process arguments, and document the dependency if `curl` is still required.
Identity snapshots, beliefs, contradictions, and debate content may be sent to third-party AI providers during debate rounds.
The skill clearly intends to share identity summaries and debate history across external model providers. This is purpose-aligned, but it is sensitive data movement users should notice.
Orchestrates debates across multiple AI providers (Anthropic, Google, xAI, OpenAI) ... **Identity injection**: each participant sees others' beliefs, traits, contradictions ... Persistent threads with full history
Use only identity data and topics you are comfortable sending to the selected providers, and add clear per-provider disclosure or redaction controls.
Old debate messages or identity files could shape future outputs in ways the user may not expect.
Persistent thread messages and identity graphs are reused directly in future prompts. This matches the skill design, but stored context can influence later model behavior if it is inaccurate or poisoned.
THREADS_FILE = TRIUM_DIR / "threads.json"; IDENTITY_DIR = WORKSPACE / "identity" ... history += f"\n{emoji} **{src.upper()}** ... {content}\n" ... "YOUR CO-PARTICIPANTS (with their identity graphs):"Provide review/reset controls for stored threads and identity context, and clearly separate stored content from trusted instructions in prompts.
The Grok/xAI path may fail or rely on whatever `curl` binary is present on the user's system.
The code depends on the local `curl` binary for xAI calls, while the registry requirements say no required binaries. This is an under-declared runtime dependency rather than evidence of unrelated execution.
import subprocess ... ["curl", "-s", "--max-time", "120", "https://api.x.ai/v1/chat/completions", ...]
Declare `curl` as a required binary or replace it with a standard Python HTTP implementation.