Cross-Channel & Cross-Agent Skill Sharing
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is openly designed to persist and spread new tool capabilities across shared files, memory, and other agent sessions, but it lacks clear approval, recipient, rollback, and containment controls.
Review before installing. This skill may be useful for keeping agents informed about new workspace tools, but you should only use it if you are comfortable with agents updating shared skill files, writing persistent memory, and notifying other sessions. Prefer requiring manual approval for each update and each cross-session message.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unsafe capability update could become part of the workspace’s reusable agent behavior.
The skill instructs the agent to modify reusable skill instructions and scripts, which can change future agent behavior, but it does not require user approval or define rollback/review controls.
Create or update a reusable skill when pattern is repeatable: - Add/adjust `SKILL.md` - Add scripts under `scripts/`
Require explicit user confirmation before editing SKILL.md files or adding scripts, and include a review and rollback step for every persistent change.
Incorrect or poisoned capability notes could be reused by future agents and sessions as trusted workspace knowledge.
The skill creates persistent memory entries that future sessions may reuse, but it does not define retention, validation beyond a capability check, or user review before storing the information.
Log event in `memory/YYYY-MM-DD.md`: - What changed - How to verify - Any limits/known caveats
Only write memory after user approval, keep entries limited to verified facts, include source information, and provide a way to remove or correct stale entries.
Capability information or invocation instructions may be sent to other active sessions without the user explicitly choosing recipients.
The instruction tells the agent to message other sessions or agents, but the recipient boundary, identity checks, and user approval requirements are not defined.
Propagate to active related sessions/agents: - If likely relevant, send brief sync via `sessions_send`
Require the user to approve the exact sessions, message content, and timing before using cross-session communication.
One bad or premature capability assumption could spread across files, memory, and other sessions, making it harder to contain or correct.
A single capability change can trigger multiple persistent file updates, memory writes, chat notices, and cross-session propagation, with no containment or staged approval described.
Execute this workflow whenever workspace capability changes ... Update `TOOLS.md` ... Create or update a reusable skill ... Log event in `memory/YYYY-MM-DD.md` ... Propagate to active related sessions/agents
Gate the workflow behind explicit approval, separate verification from propagation, limit updates to selected files/sessions, and document how to undo each change.