Omega Notation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent local notation/serializer skill with no credential, network, shell, or persistence behavior, but users should not over-trust compressed agent messages for critical decisions without validation.
This skill appears safe to use for compact structured outputs. Use it per request, not as a global output mode; avoid it for human-readable or high-stakes decisions unless you keep the original data or add full validation; and prefer explicit dictionaries when messages will be passed between agents.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could assume compressed messages are losslessly verified when the included test does not actually prove that all fields survive serialization and parsing.
This is the implemented round-trip check, and it verifies only message count and type, not full field equality. That matters because SKILL.md advertises full round-trip verification and identical object recovery.
if (deserialized.messages.length !== original.messages.length) return false;
for (let i = 0; i < original.messages.length; i++) {
if (deserialized.messages[i].type !== original.messages[i].type) return false;
}Do not use the format as the sole source of truth for critical routing, policy, or audit data unless you add stricter validation that compares complete objects.
If a receiving agent treats compact Omega messages from an untrusted or ambiguous source as authoritative, it may misinterpret routing or policy directives.
The skill is explicitly meant for agent-to-agent structured communication, including routing and policy-style messages. The artifacts define the notation but do not define trust, origin, or authorization rules for receiving agents.
Compresses structured agent outputs into ultra-dense shorthand that other agents can parse. Designed for machine-to-machine communication where every token costs money.
Use Omega notation only between trusted components, keep provenance with each message, and require normal validation or approval before any downstream high-impact action.
A later Omega message could be decoded differently than intended if the session dictionary drifts or is influenced by irrelevant context.
The auto dictionary is a session-context mechanism. It is disclosed and session-scoped, but dynamic shorthand mappings can become ambiguous if mixed with unrelated or untrusted context.
`dict=auto` — agent builds shorthand mappings over time within a session
Use `dict=none` or an explicit dictionary for sensitive workflows, and reset or restate mappings when changing tasks or agents.