BORT Agent (BAP-578)
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed author value could break or alter the request payload, and the message is delivered to whatever BORT runtime URL is configured.
The helper sends user-provided message data to the configured BORT runtime using a raw REST POST. This is the skill's core purpose, but the optional author value is interpolated directly into JSON rather than escaped like the message body.
RESPONSE=$(curl ... -X POST "$BORT_URL/agents/$AGENT_ID/messages" ... -d "$PAYLOAD" ...); "author": "$AUTHOR"
Use simple author identifiers, verify the BORT runtime URL before sending, and prefer updating the script to JSON-escape the author field as well.
Sensitive information or misleading instructions sent to an agent may be retained by that BORT agent runtime and affect later responses.
The referenced BORT platform may retain recent conversation history, so messages sent through this skill can influence later agent context.
- **Conversation memory** - Last 20 messages per channel/chat
Avoid sending secrets or high-impact instructions unless you trust the runtime and understand its retention and memory-clearing behavior.
Your messages may be processed outside OpenClaw by the configured BORT runtime and may be routed or queued by that runtime.
The skill intentionally relays user messages to another autonomous AI agent/runtime and queues responses through that system.
The agent's AI soul processes the message and generates a response. The response is queued in the WebAPI connector's outbound queue.
Confirm the agent ID and BORT_RUNTIME_URL point to a trusted runtime, and treat returned agent/persona content as untrusted external output.