Low Risk — Risk Score 20/100
Last scan: 18 hr ago
agent-communication
Agent cross-session communication solution using sessions_spawn for subagent session management
The skill is a legitimate inter-agent communication utility using OpenClaw's sessions_* APIs. The only shell execution (exec for openclaw CLI) is documented in SKILL.md's Session Protection section but not formally declared in the header capability section.
Skill Name: agent-communication
Duration: 42.9s
Engine: pi
Safe to install
Add shell:WRITE to the declared capabilities in SKILL.md header since exec is used. No removal needed.

Findings 2 items

Severity: Low
Finding: shell:WRITE capability not declared in SKILL.md header (Doc Mismatch)
The protectSession function in scripts/communicator.js uses exec() to run 'openclaw sessions cleanup' commands. This is documented in the 'Session Protection Mechanism' workflow section of SKILL.md, but the skill header declares no capabilities at all, leaving shell:WRITE usage completely undeclared in the formal capability section.
const result = await exec({ command: `openclaw sessions cleanup --active-key "${sessionKey}" --enforce` });
→ Add shell:WRITE to the SKILL.md header's declared capabilities section if exec is a supported tool.
Location: scripts/communicator.js:79

Severity: Low
Finding: skill_invoke capabilities not formally declared (Doc Mismatch)
The skill heavily relies on sessions_list, sessions_spawn, and sessions_send (skill_invoke resources), which are described in the workflow documentation but never formally declared in the skill header.
--- name: agent-communication --- (no capability declaration follows)
→ Add skill_invoke:READ to the SKILL.md header if these are intended to be permitted tools.
Location: SKILL.md:1

| Resource | Declared | Inferred | Status | Evidence |
| Skill Invoke | NONE | READ | ✓ Aligned | SKILL.md documents sessions_list/sessions_spawn/sessions_send usage but header h… |
| Shell | NONE | WRITE | ✗ Violation | scripts/communicator.js:79 uses exec({command: 'openclaw sessions cleanup...'}),… |

File Tree

2 files · 7.6 KB · 314 lines
Markdown 1f · 196L JavaScript 1f · 118L
├─ 📁 scripts
│ └─ 📜 communicator.js JavaScript 118L · 2.8 KB
└─ 📝 SKILL.md Markdown 196L · 4.8 KB

Security Positives

✓ No credential harvesting or sensitive data access observed
✓ No network exfiltration, C2, or data theft behavior
✓ No base64 encoding, obfuscation, or anti-analysis techniques
✓ No curl|bash remote script execution
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ exec usage is scoped to a specific, documented CLI command (openclaw sessions cleanup)
✓ Code is readable and straightforward — no hidden functionality beyond what is documented