EVC Team Relay

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: evc-team-relay
Version: 1.1.2

The OpenClaw skill `evc-team-relay` is designed to interact with the EVC Team Relay API for managing Obsidian notes. All scripts (`scripts/*.sh`) use `curl` and `jq` to perform authenticated API calls to the `RELAY_CP_URL` endpoint, as described in the `SKILL.md` and `README.md` files. Input sanitization is present for URL paths (using `jq -sRr @uri` in `delete-file.sh`) and JSON payloads (using `jq --arg`), mitigating common injection risks. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or prompt injection attempts against the AI agent. The handling of `RELAY_EMAIL`, `RELAY_PASSWORD`, and `RELAY_TOKEN` is for the legitimate purpose of authenticating to the specified Relay service.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is misdirected or given a broad task, it could update or delete shared notes that other people rely on.

Why it was flagged

The skill intentionally gives the agent mutation authority over shared Obsidian notes, including deletion. This is disclosed and purpose-aligned, but it can change or remove team content.

Skill content

- **Create** new notes in shared folders
- **Write** updates to existing notes
- **Delete** notes when no longer needed

Recommendation

Use a dedicated Relay account with the minimum required share permissions, and ask the agent to confirm before destructive or broad edits.

What this means

The agent can access any Relay shares available to the configured account, including reading and editing where that account has permission.

Why it was flagged

The skill requires account credentials and uses a bearer token to access Relay. This is expected for the integration and no credential exfiltration is shown, but the account's permissions define the agent's reach.

Skill content

| `RELAY_EMAIL` | yes | User email for authentication |
| `RELAY_PASSWORD` | yes | User password |
| `RELAY_TOKEN` | no | JWT token

Recommendation

Prefer a separate agent account, avoid using an admin or personal high-privilege account, store credentials securely, and rotate them if the skill is no longer needed.

What this means

A note written by a teammate or another process could contain misleading instructions that the agent might incorrectly follow.

Why it was flagged

The agent may use shared vault notes as task context. Because these notes are collaborative and persistent, their contents could influence future agent behavior if treated as instructions rather than data.

Skill content

read note content from a shared Obsidian vault, create or update documents, list available shared folders and documents

Recommendation

Treat note contents as untrusted data unless the user explicitly says otherwise, and avoid letting retrieved notes override the user's current request or safety constraints.