🔗 agent-link-local-agent — 跨机Agent互联
v1.0.0通过中转服务器让不同电脑上的OpenClaw实例与Agent安全互联,实现分布式智能体协同。
1· 60·0 当前·0 累计
by @ericshpych下载技能包
最后更新
2026/4/4
安全扫描
OpenClaw
可疑
high confidenceThe skill claims a two-part relay/server system but only the local client is present and some requirements (like the openclaw binary and server scripts) don't match the shipped files—this mismatch and missing server code are suspicious and deserve verification before use.
评估建议
Do not install or deploy this skill until the author fixes the packaging inconsistencies. Specifically:
- The repository claims a relay server component but the relay_server.py and related docs are missing—ask the publisher for the missing server code and a security review of that server before exposing it on the public internet.
- The SKILL.md and README reference a 'setup.py' and install-relay.md that do not exist in the package; this makes it impossible to verify what the server would do. Tr...详细分析 ▾
⚠ 用途与能力
The README/SKILL.md describe both a 'relay server' and a 'local Agent' but the package only contains the local client (scripts/local-agent/agent_link.py) and the install docs for the agent; the relay-server scripts and docs referenced in SKILL.md/README (e.g., relay_server.py, docs/install-relay.md, scripts/relay-server/) are not present. The declared required binaries include 'openclaw' even though the client code does not call or depend on an OpenClaw binary, which is disproportionate to the shipped code.
⚠ 指令范围
Runtime instructions tell users to install and run a relay_server and a local setup.py that are referenced but not included. The local client code itself behaves as described (connects to a relay WebSocket and signs messages with HMAC-SHA256) and does not attempt to read unrelated system files or environment variables, but the SKILL.md grants the agent discretion to 'install relay server' steps that cannot be audited because the server code is missing from the package.
✓ 安装机制
There is no install spec (instruction-only skill) and no external downloads; the only executable code present is the local client. This is lower risk than a skill that downloads or extracts remote archives.
⚠ 凭证需求
The package requests no environment variables, which is fine, but the manifest requires the 'openclaw' binary even though the provided client code has no dependency on it. The client uses a shared 'secret' stored in a config file (example provided) — storing shared secrets in plain config files is a security risk and the SKILL.md/README recommend not doing so, but the package does not provide alternate secure secret-storage or server-side key-exchange mechanisms.
✓ 持久化与权限
The skill is not always: true and does not request elevated persistence. It does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (not a unique concern in itself).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/4
Agent Link 1.0.0 - Initial Release - Introduces secure, cross-device communication for OpenClaw agents via a relay server. - Includes relay server and local agent components for message relaying and handling. - Supports agent identity registration, message signing (HMAC-SHA256), and verification. - Provides auto-reconnect, status monitoring, and detailed configuration options. - Designed with strict security: message forwarding only, no message persistence on server.
● 无害
安装命令
点击复制官方npx clawhub@latest install agent-link-local-agent
镜像加速npx clawhub@latest install agent-link-local-agent --registry https://cn.longxiaskill.com