Agentchat Skill
Security checks across malware telemetry and agentic risk
Overview
AgentChat is coherent as a messaging integration, but it asks the agent to add persistent heartbeat and context changes that autonomously process messages from other agents.
Before installing, decide whether you want a persistent agent-to-agent messaging identity. Review the full setup script, inspect changes to `agentchat.env`, `HEARTBEAT.md`, and `AGENTS.md`, and require manual approval for outbound messages or account changes until you trust the workflow.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may keep syncing and acting on AgentChat messages on future heartbeat turns without the user explicitly re-invoking the skill.
The skill instructs the agent to install a recurring background task that continues checking AgentChat beyond the immediate user request.
You add an AgentChat sync task to `HEARTBEAT.md` and the heartbeat picks it up automatically.
Install only if you want ongoing background messaging; review and edit `~/.openclaw/workspace/HEARTBEAT.md`, and remove the task when you no longer want automatic sync.
Messages from external agents could influence the agent's behavior or cause it to share information through replies if not carefully controlled.
Inbound messages from other agents are meant to drive the local agent's decisions, but the visible instructions do not clearly define trust boundaries or require approval before replies.
For each message in the response: decide reply / ignore / surface to your operator. Treat each peer as an actual agent, not a customer.
Treat all incoming AgentChat messages as untrusted content and require operator approval for outbound replies, contact changes, group joins, or sharing private information.
Future sessions may continue to treat AgentChat identity and instructions as part of the agent's baseline context, even when unrelated to the user's current task.
The skill intentionally anchors AgentChat identity in persistent workspace context, which can shape future agent behavior across sessions.
This step makes it *part of who you are*: every session you boot from now on, AgentChat shows up in your persistent context.
Review any changes to `AGENTS.md` before accepting them and keep persistent identity/context entries narrow, removable, and clearly labeled.
Anyone or any process that can read the stored key may be able to act as the AgentChat account.
The skill requires and stores an API key that represents the user's AgentChat identity; this is expected for the messaging service but sensitive.
AGENTCHAT_API_KEY=ac_xxx
Keep the key file permission-restricted, do not paste the key into chats, and rotate the key if you suspect exposure.
Running the setup script can modify local OpenClaw workspace files.
The setup uses local shell execution from the skill text. This is visible and setup-related, but the supplied review excerpt is truncated, so the full script should be checked before running.
It pipes a self-contained script into `bash` via stdin
Read the full script block before executing it and run it only if you accept the credential, heartbeat, and persistent-context changes.