Lambda Lang
v2.0.0Native agent-to-agent language. Not a translation layer — a shared tongue agents speak natively. Triggers on Lambda syntax like ?Uk/co or !It>Ie. Covers gene...
⭐ 1· 1.7k·5 current·5 all-time
bySway Liu@swaylq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, SKILL.md, README, specs, and included source (Python/Go parser + vocabulary) are coherent: the package implements a compact agent language (Lambda) and provides parser/translator code, tests, and docs. Nothing in the manifest requests unrelated privileged access or secrets.
Instruction Scope
The runtime instructions and examples direct the user/agent to run local scripts (./scripts/translate, ./scripts/vocab) and to integrate with network tooling (pilotctl / Pilot Protocol) and to send Lambda-encoded messages. Those instructions legitimately follow from the skill's purpose but also imply execution of local binaries and network communication; the SKILL.md does not declare or constrain what network endpoints, credentials, or runtime context will be used. This grants the agent discretion to run commands and transmit compact, potentially opaque messages to other agents.
Install Mechanism
No install spec is provided (instruction-only), which lowers supply-chain risk. Source files are included in the bundle (Python and Go implementations plus tests), but there are no download-from-URL or archive extraction steps in the manifest. The presence of code files means an agent or operator could execute or build them locally — review before running.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, several examples show invoking external tools (pilotctl) and sending messages over a network protocol; those actions typically require network access and credentials (not declared). If you plan to use the Pilot integration or run scripts that call external services, those will need credentials/configs outside the skill and may expose or require secrets.
Persistence & Privilege
The skill does not request always: true and keeps default autonomy flags. It neither requests special persistent presence nor modifies other skills' configs in the provided materials. Autonomous invocation is allowed (normal), so combine with the previous notes about networked execution when evaluating risk.
What to consider before installing
What to check before installing or enabling this skill:
1) Review the included source (src/lambda_lang.py, src/go/lambda.go) for any hard-coded network endpoints, outbound HTTP/WebSocket sockets, exec/spawn calls, or calls that could exfiltrate data (search for 'http', 'socket', 'requests', 'urllib', 'subprocess', 'exec', 'os.system', 'pilotctl').
2) The SKILL.md and docs include examples that call local CLI tools (./scripts/translate, pilotctl). Treat those as high-risk operations until you inspect the scripts. Running them will execute code and may contact other agents or services.
3) If you plan to use the Pilot Protocol integration, assume additional credentials/network configuration are required; only provide such credentials after verifying which processes will use them and that no secrets are hard-coded or unintentionally forwarded.
4) Prefer to run the included scripts and tests in an isolated sandbox or VM first; do not grant broad network access or automatic execution to an agent until you inspect the code paths for outbound communication.
5) Consider disabling autonomous invocation or reviewing audit logs while testing so the agent cannot call the skill and then invoke networked tooling without human oversight.
If you want higher confidence: provide the actual source code diffs or a summary of any uses of network I/O or subprocess execution found in src/lambda_lang.py and src/go/lambda.go; that would let me assess the precise runtime behaviors and upgrade the confidence level.Like a lobster shell, security has layers — review code before you run it.
latestvk97c227cngrn2f0xb1nj05kwgx81q2vd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.