Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Inter Agent Communication

Agent cross-session communication solution. Uses sessions_spawn to create subagent sessions for inter-agent calls. (Cross-session communication solution between agents. Uses sessions_spawn to create labeled...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 190 · 1 current installs · 1 all-time installs
by msx.pan @panmenglin
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, SKILL.md instructions, and communicator.js all focus on cross-agent session lookup, creation, sending, and protecting sessions. The required capabilities align with the stated purpose and no unrelated credentials or binaries are requested.
Instruction Scope
Instructions closely follow the code (sessions_list → sessions_spawn → sessions_send). However SKILL.md and the code instruct use of exec to run a CLI command that interpolates sessionKey (openclaw sessions cleanup --active-key "${sessionKey}" --enforce) with no guidance on sanitization or validation. If sessionKey can be attacker-controlled or contains special characters, this creates a shell injection / arbitrary command-execution risk. The instructions also assume the agent has privileges to list/spawn/send sessions and to run the openclaw CLI.
Install Mechanism
Instruction-only skill (no install spec). Included JS helper is small and consistent with the SKILL.md. No external downloads or installers are present.
Credentials
No environment variables, secrets, or unrelated config paths are requested. The requested actions (session APIs and a cleanup CLI) are proportionate to the stated task.
Persistence & Privilege
always is false and the skill is user-invocable. The skill explicitly instructs protecting subagent sessions from auto-cleanup (longer-lived sessions) via the openclaw CLI, which changes lifecycle behavior on the platform and could be used to create persistent channels or exhaust resources; this is expected for the feature but worth reviewing for abuse potential.
What to consider before installing
This skill appears to do what it says (look up or spawn labeled subagent sessions and send messages). Key risk: it tells the agent to run a shell command that includes the sessionKey without any sanitization, which could enable command injection if sessionKey can be influenced by an attacker or untrusted agent. Before installing or using:

  1. Confirm how exec is implemented on your platform: does it invoke a shell or pass safe argument arrays?
  2. Ensure sessionKey values are validated/sanitized (reject/control quotes, semicolons, backticks, etc.) before interpolation; prefer a non-shell API that accepts arguments separately.
  3. Limit which agents can create or control session labels; treat subagent sessions as privileged channels.
  4. Review and restrict the agent runtime permissions needed to call sessions_list/spawn/send and to run the openclaw CLI.

If you cannot verify that exec is safe or cannot enforce input validation, consider this skill risky to enable.
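The advice above to validate sessionKey and to prefer a non-shell API with separate arguments, as an added example (not code from the skill or from ClawHub): the key is checked against an allowlist pattern and handed to the CLI as its own argument through Node's execFile. The key grammar agent:<name>:subagent:<id>, the character set and the function names are assumptions; the command and flags are the ones quoted from SKILL.md.

```javascript
// Added example: hardened form of the skill's "protect session" call.

// Assumed grammar (not documented on the page): agent:<name>:subagent:<id>,
// where <name> and <id> contain only letters, digits, "_" and "-".
const SUBAGENT_KEY = /^agent:[A-Za-z0-9_-]{1,64}:subagent:[A-Za-z0-9_-]{1,64}$/;
const AGENT_NAME = /^[A-Za-z0-9_-]{1,64}$/;

function isSubagentSessionKey(value) {
  return typeof value === "string" && SUBAGENT_KEY.test(value);
}

// Builds the argument vector for the cleanup command shown in SKILL.md.
// Each value is one argv element, so no shell ever parses it.
function buildCleanupArgv(targetAgent, sessionKey) {
  if (typeof targetAgent !== "string" || !AGENT_NAME.test(targetAgent)) {
    throw new TypeError("invalid target agent name");
  }
  if (!isSubagentSessionKey(sessionKey)) {
    throw new TypeError("sessionKey is not a well-formed subagent key");
  }
  return ["sessions", "cleanup", "--agent", targetAgent,
          "--active-key", sessionKey, "--enforce"];
}

// Runs the CLI without a shell; validation throws before any process starts.
function protectSession(targetAgent, sessionKey) {
  const argv = buildCleanupArgv(targetAgent, sessionKey);
  // Loaded here so the validation helpers above stay dependency-free.
  const { execFile } = require("node:child_process");
  return new Promise((resolve, reject) => {
    execFile("openclaw", argv, { timeout: 10000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
  });
}

// Constructed inputs: one well-formed key, then keys that must be rejected.
const SAMPLE_KEYS = [
  "agent:main:subagent:3f2a9c",
  'agent:main:subagent:x" ; id #',      // quote and semicolon
  "agent:main:subagent:$(id)",          // command substitution syntax
  "agent:sienna:feishu:direct:ou_xxx",  // human conversation session
];

for (const k of SAMPLE_KEYS) {
  console.log(JSON.stringify(k), isSubagentSessionKey(k));
}
```

Validation and the argument array are independent layers: the array keeps the value out of a shell, and the pattern stops values that begin with "-" from being read as another flag by the CLI.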

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0


SKILL.md

Agent Communication

⚠️ Important Rules

NEVER reuse agent-human conversation sessions!

  • Human-agent session format: agent:xxx:feishu:direct:ou_xxx
  • Agent-Agent calls MUST use sessions_spawn to create subagent sessions

Strict Workflow (Do Not Skip)

Step 1: Check for Existing Session

sessions_list({ limit: 50 })

Find in results:

  • Contains "subagent" marker
  • Label matches sender-to-receiver or receiver-to-sender (bidirectional check)

Example:

  • If main wants to find sienna, look for main-to-sienna or sienna-to-main
  • Either one works, no need to create new

Step 2: Create New Session (if none found)

If Step 1 returns nothing, create with sessions_spawn:

sessions_spawn({
  label: "main-to-sienna",  // Format: sender-to-receiver
  runtime: "subagent",
  task: "",                 // Task goes in Step 3
  mode: "run"
})

Step 3: Send Message

sessions_send({
  sessionKey: "agent:main:subagent:xxx",  // From Step 1 or 2
  message: "Task description..."           // Actual task here
})

⚡ Key Rules (Must Follow)

  1. No skipping Step 1: Must run sessions_list first
  2. No shortcuts: Must follow Step 1 → 2 → 3
  3. Bidirectional reuse: a-to-b and b-to-a both work, no need for two
  4. Reply to sender directly: Without special instructions, reply to the initiator
  5. Use subagent marker: sessionKey must contain "subagent"

❌ Wrong Examples

// Wrong 1: Create without checking
sessions_spawn({...})  // Must check first!

// Wrong 2: Use human conversation session
sessionKey: "agent:sienna:feishu:direct:ou_xxx"  // Forbidden!

// Wrong 3: Create both directions
// main-to-sienna and sienna-to-main - one is enough!

// Wrong 4: Reply to others
// Should reply directly to sender, no forward or group post

SessionKey Format Guide

Type             | Format Example                    | Usable for Agent-Agent?
Agent-Human DM   | agent:sienna:feishu:direct:ou_xxx | ❌ Forbidden
Agent in Group   | agent:sienna:feishu:group:oc_xxx  | ❌ Forbidden
Subagent Session | agent:maxwell:subagent:xxx        | ✅ Allowed

Response Rules

Default: Response goes directly to the sender

  • Sender sends message → Reply directly to sender
  • No need to forward to others
  • No need to post to group
  • Unless sender explicitly asks to forward

Workflow Pseudocode

1. Call sessions_list({ limit: 50 })
2. Loop through results, find both:
   - Contains "subagent" marker
   - Label matches "sender-to-receiver" OR "receiver-to-sender"
3. Found → Use that sessionKey, goto Step 5
4. Not found → Create with sessions_spawn, save sessionKey
5. Call sessions_send({ sessionKey, message })
6. Done
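
Steps 1 to 4 of the pseudocode above, as an added example that is not part of the skill: it accepts the label in either direction and checks the subagent marker by its position in the key rather than by substring. The record fields key and label and the function names are assumptions about what sessions_list returns.

```javascript
// Added example; `key` and `label` are assumed field names for sessions_list results.

// A subagent key is agent:<agent>:subagent:<id>: exactly four segments with
// the marker in the third position. A substring test would also accept a
// human-facing key that merely contains the word "subagent".
function isSubagentKey(key) {
  if (typeof key !== "string") return false;
  const parts = key.split(":");
  return parts.length === 4 && parts[0] === "agent" &&
         parts[2] === "subagent" && parts[1] !== "" && parts[3] !== "";
}

// Steps 2-3: return the key of an existing channel between the two agents,
// accepting either label direction, or null so the caller spawns one (Step 4).
function findChannel(sessions, sender, receiver) {
  const wanted = new Set([`${sender}-to-${receiver}`, `${receiver}-to-${sender}`]);
  for (const s of sessions) {
    if (s && wanted.has(s.label) && isSubagentKey(s.key)) return s.key;
  }
  return null;
}

// Constructed sessions_list output.
const SAMPLE_SESSIONS = [
  // human DM carrying a colliding label: must never be reused
  { key: "agent:sienna:feishu:direct:ou_xxx", label: "main-to-sienna" },
  // agent that happens to be named "subagent": passes a substring test only
  { key: "agent:subagent:feishu:group:oc_xxx", label: "sienna-to-main" },
  // genuine subagent channel created in the opposite direction
  { key: "agent:sienna:subagent:3f2a9c", label: "sienna-to-main" },
];

console.log(findChannel(SAMPLE_SESSIONS, "main", "sienna"));
console.log(findChannel(SAMPLE_SESSIONS, "main", "leo"));
```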

Current Active Channels (Reference)

Agent  | Label             | sessionId
leo    | maxwell-to-leo    | 9d519dc9-0239-4284-8077-3ed4bccd486d
sienna | maxwell-to-sienna | 05a93e6d-4a50-4503-a9c8-4aaf7da8c414
letus  | maxwell-to-letus  | 391a4a78-43ab-4e04-95fe-abfd414b1c64
coding | maxwell-to-coding | ebba5ff4-87f6-430b-80e5-269319b122c0
main   | maxwell-to-main   | d7eb2edc-7acc-40e7-838d-8a9cb08820c0

Notes

  • thread=true mode temporarily unavailable
  • Labeled subagent sessions can be found by sessions_list
  • mode="session" requires thread=true, currently unavailable

Session Protection Mechanism (New)

Step 2.5: Protect Session (Run After Creation)

New subagent sessions may be auto-cleaned by default. To ensure long-term availability, protect after creation:

// Protect session from auto-cleanup
exec({
  command: `openclaw sessions cleanup --agent [target-agent] --active-key "${sessionKey}" --enforce`
})

Note: Replace ${sessionKey} with actual sessionKey


Complete Flow (With Protection)

Step 1: Check for Existing Session

sessions_list({ limit: 50 })

Step 2: Create New Session (if none found)

sessions_spawn({
  label: "main-to-sienna",
  runtime: "subagent",
  task: "",
  mode: "run"
})
// Returns sessionKey, format: agent:xxx:subagent:xxx

Step 2.5: Protect Session (New)

exec({
  command: `openclaw sessions cleanup --active-key "agent:xxx:subagent:xxx" --enforce`
})

Step 3: Send Message

sessions_send({
  sessionKey: "agent:main:subagent:xxx",
  message: "Task description..."
})

Last updated: 2026-03-17
