Interpersonal Knowledge Layer

This skill appears coherent and does what it says: it creates and enforces a per-contact permission gate by storing contacts, permissions, knowledge, and an audit log in a local ikl/ directory. Before installing, consider the following: (1) ikl/ will hold sensitive data (knowledge.json and audit.json may include exact shared values) — ensure that directory is access-controlled or encrypted and that retention/rotation policies are defined; (2) the agent must have trustworthy message metadata (platform IDs) to safely map senders to contacts — verify your agent supplies this and you should verify contact identifiers during setup; (3) audit.json intentionally records what was shared for traceability, which increases local exposure if logs are not protected; (4) the SKILL.md contains guidance on prompt-injection resistance (the scanner flagged that text) — this is defensive, but you should still test the agent's actual resistance to injected messages in your environment; (5) review and adjust default permission matrix to match your privacy preferences; and (6) treat the skill as a local policy enforcer only — it does not provide remote verification of other agents' identities, so keep contact mappings updated. If you need help hardening storage (encryption, secure ACLs) or testing the agent's enforcement, do that before adding sensitive data.

These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.