Reed Agent Network

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill builds the stated Discord/GitHub agent network, but it also creates persistent shared instructions that can override local agent behavior and grant “Reed” high-priority authority.

Install only if you control or fully trust the GitHub repo, Discord channel, and Reed admin authority model. Review the shared constitution before enabling agents to read it, and use scoped GitHub credentials plus sender verification for Discord events.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Agents using this network may treat Reed’s instructions as overriding local memory or user expectations in network contexts.

Why it was flagged

The helper initializes the shared constitution with rules making Reed the highest-priority instruction source. Because the skill requires agents to use that constitution, this can redirect future agent behavior beyond normal user-controlled task scope.

Skill content

f.write(... "1. Reed 为最高优先级指令源。\n" "2. 冲突时以 Reed 最新明确指令为准。\n" ...)

Recommendation

Only use this if that authority model is intended. The constitution should explicitly remain subordinate to system/developer/user instructions and require review before changes affect agents.

What this means

A bad or compromised update to the shared GitHub state could persistently influence multiple agents’ behavior across sessions.

Why it was flagged

A mutable shared file is made mandatory context for future agent replies. The artifacts do not show review, signing, scope limits, or containment for changes to this persistent instruction source.

Skill content

Store network-wide memory/rules in: `~/.openclaw/shared/agent-network-data/AGENT_CONSTITUTION.md` ... Treat `AGENT_CONSTITUTION.md` as single source of truth ... Before replying in group/network contexts, read this constitution

Recommendation

Restrict who can edit the repo, review constitution diffs before agents ingest them, and keep shared memory to scoped facts rather than high-priority behavioral rules.

What this means

A compromised or overly broad Discord channel could trigger agent synchronization, acknowledgements, or task handling across the network.

Why it was flagged

The network uses Discord messages as an inter-agent command and event bus, but the artifacts do not define sender authentication, signed metadata, role checks, or handling for spoofed/unauthorized channel messages.

Skill content

Transport: Discord team channel ... Protocol: natural language + lightweight `#meta` ... when an agent receives a `REGISTER` broadcast from Discord, it must run `git pull --rebase` ... and send `ACK`

Recommendation

Use a restricted channel, verify sender IDs and roles before acting, and consider signed or otherwise authenticated `#meta` messages for state-changing events.

What this means

Running the helper may push registry or constitution changes to GitHub using whatever Git credentials are available locally.

Why it was flagged

The helper relies on Git operations that may use the machine’s existing GitHub credentials or credential helpers. This is expected for a GitHub-backed registry, but credential use is not declared in the registry metadata.

Skill content

git(["clone", repo, path], cwd=os.path.dirname(path), check=True) ... git(["push", "origin", branch], cwd=path)

Recommendation

Use a dedicated, least-privilege GitHub credential or deploy key for the shared-state repo and confirm the configured repo URL before running commands.