Ceo Notify Agents
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill's behavior matches its declared purpose, notifying other agents, but it does so by writing persistent shared-memory files through a shell script that embeds user-provided text directly in the script source, creating review-worthy command-injection and memory-poisoning risks.
Only install this if you trust the skill and understand that messages may persist in shared agent memory. The current version should be reviewed or modified to sanitize user input, validate target agent names, avoid hardcoded /Users/anran paths, and provide cleanup or retention controls.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A message or target name containing shell metacharacters could potentially cause unintended local commands or file writes when the notification runs.
The skill runs a bash script through exec and interpolates user-controlled trigger fields directly into shell variable assignments. The artifacts show no escaping or validation, so whether crafted target or message text is interpreted by the shell depends only on whether the runtime templating layer escapes values before substituting them into the script; nothing in the skill itself prevents it.
tool: exec ... TARGETS="{{targetAgents}}" ... MESSAGE="{{message}}"
Avoid installing until the skill uses a safer non-shell file-write mechanism, strictly escapes template variables, and validates target agent names.
A notification can become persistent context for future agent conversations, which may cause later agents to trust or reuse stale, incorrect, or hostile instructions.
The skill appends user-provided messages to per-agent shared-memory log files and then runs the OpenClaw memory indexer so they become part of agent memory, but it defines no retention period, cleanup, target validation, or guidance on how receiving agents should treat these messages.
NOTIFICATION_DIR="/Users/anran/Documents/openclaw/shared_memory/notifications" ... echo "$TIMESTAMP: $MESSAGE" >> "$NOTIFICATION_DIR/${agent}.log" ... openclaw memory index --agent main
Use this only with trusted messages and known target agents; the publisher should add clear retention controls, target allow-listing, and guidance that stored notifications are untrusted context.
On any machine other than the publisher's the hardcoded path will not exist and the skill will fail; if some other executable has been placed at that path, the skill will run it.
Although the registry lists no required binaries and there is no install spec, the skill invokes a hardcoded local OpenClaw executable path outside the skill package.
/Users/anran/.npm-global/bin/openclaw memory index --agent main
Verify the command path before use; the skill should declare required binaries and use the current user's OpenClaw executable path instead of a publisher-specific absolute path.
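The following is an added example written for this review, not code from the Ceo Notify Agents skill or from OpenClaw. It reproduces the injection described in the first finding (a verbatim template substitution spliced into bash source), then shows a notifier that addresses all three findings: target names are checked against a strict allow-list pattern, message text is passed as an argument and written by printf as data rather than re-parsed by the shell, each log is capped at MAX_LINES entries so notifications expire, every stored line carries an explicit "untrusted notification" tag for receiving agents, and the openclaw binary is resolved from PATH instead of a hardcoded publisher path. The function names, the MAX_LINES value, the tag text and the payload are all constructed for the example.

```bash
#!/usr/bin/env bash
# Added example for this review (not code from the Ceo Notify Agents skill):
# reproduces the template-interpolation injection, then shows a notifier that
# validates target names, treats message text as data, caps log retention,
# tags stored lines as untrusted, and resolves openclaw from PATH instead of
# a hardcoded publisher path. Names, paths and the payload are constructed.

# Vulnerable pattern: the trigger fields are spliced into the script source
# before bash parses it, which is what a verbatim {{message}} substitution does.
render_vulnerable() {
  local targets="$1" message="$2"
  printf 'TARGETS="%s"\nMESSAGE="%s"\nprintf "%%s\\n" "$MESSAGE"\n' "$targets" "$message"
}

# Runs the rendered script with a constructed payload that closes the quoted
# string and appends a command; prints "injected" if the appended command ran.
demo_injection() {
  local marker payload
  marker="$(mktemp -u)"
  payload="hello\"; touch \"$marker\"; echo \""
  bash -c "$(render_vulnerable main "$payload")" >/dev/null 2>&1
  if [ -e "$marker" ]; then rm -f "$marker"; echo injected; else echo safe; fi
}

# Hardened pattern. Target names must match a strict allow-list pattern so
# they cannot escape the notification directory or carry shell syntax.
valid_agent() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Keep only the newest MAX_LINES entries of a log so notifications expire
# instead of accumulating as permanent agent context (value chosen for the example).
MAX_LINES=200
prune_log() {
  local log="$1" tmp
  tmp="$(mktemp)"
  tail -n "$MAX_LINES" "$log" > "$tmp" && mv "$tmp" "$log"
}

# notify_safe DIR MESSAGE AGENT...  All targets are validated before any write
# so a bad name cannot cause a partial delivery. The message is an argument and
# is written by printf as data; it is never re-parsed by the shell.
notify_safe() {
  local dir="$1" message="$2"; shift 2
  local agent ts
  ts="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
  [ "$#" -gt 0 ] || { echo "no target agents" >&2; return 1; }
  for agent in "$@"; do
    valid_agent "$agent" || { echo "rejected target: $agent" >&2; return 1; }
  done
  for agent in "$@"; do
    printf '%s: [untrusted notification] %s\n' "$ts" "$message" >> "$dir/$agent.log"
    prune_log "$dir/$agent.log"
  done
}

# Resolve the indexer from PATH; a missing binary is an explicit error instead
# of a silent dependency on a publisher-specific absolute path.
openclaw_bin() {
  command -v openclaw 2>/dev/null || { echo "openclaw not found in PATH" >&2; return 1; }
}
```

Running demo_injection shows the marker file appearing, which is exactly the outcome the first finding warns about; notify_safe given the same payload stores it verbatim as a single log line and creates nothing. The indexer step itself is left as a lookup through openclaw_bin so the example runs offline; a real skill would call "$(openclaw_bin)" memory index after the write and should also declare openclaw as a required binary in its metadata.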
