ClawHub

S2-Nomad-Agent-Protocol

v1.1.0

Instructs the OpenClaw agent on how to request geolocation, claim P-SSSU Habitable Slots with user consent, and negotiate boundaries with other agents in the...

0· 57·0 current·0 all-time
byMilesXiang@spacesq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (nomad agent: geolocation, claiming P-SSSU slots, boundary negotiation) align with the included files: SKILL.md specifies user-consent flows and the handler.py implements ledger, claim, and ripple expansion logic. Declared permissions (geolocation, environmental_sensors, execute_nomad_expansion) match the described capabilities.
Instruction Scope
SKILL.md explicitly requires explicit user consent prior to reading GPS or invoking expansion tools, which is good. However, the plugin manifest declares device permissions (geolocation/environmental_sensors). That is coherent with the feature set, but it raises an operational question: the platform must enforce the SKILL.md consent flow rather than allowing silent sensor access. Confirm that runtime enforces human-in-the-loop checks before any sensor read or tool invocation.
Install Mechanism
No install spec or external downloads are present; this is effectively an instruction-only skill with an included Python handler. Nothing is fetched from remote URLs or written to unusual locations.
Credentials
The skill requests no environment variables or credentials. The capabilities and permissions are proportionate to a geolocation/territory management tool. There are no unrelated secrets requested.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes. The manifest grants network access to localhost; while that's reasonable for interacting with local BMS or telemetry services (mentioned in SKILL.md), localhost access can touch sensitive local services. Ensure the platform prompts before granting those permissions and that the skill cannot enable persistent background sensor reads without consent.
Assessment
This skill appears coherent and implements the consent-first behavior described in its documentation, but before installing you should: (1) verify that the OpenClaw runtime will prompt the user and block any sensor reads until explicit consent is given (the SKILL.md requires this but the manifest still lists geolocation/device permissions); (2) consider whether granting 'localhost' network access is acceptable (it could communicate with local BMS or home-automation services); (3) review handler.py locally (it is short and self-contained) and run it in a sandbox first if you can; and (4) do not grant any 'always-on' or background sensor permissions unless you trust the author and have confirmed the platform enforces human-in-the-loop checks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d6mwxe3cegqwbdrbyrqt09s849dt8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments