
agentrelay

by extraterrest · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 515 · Stars: 0 · Active Installs: 1 · Versions: 11
Install in OpenClaw
/install agentrelay
Description
Reliable agent-to-agent communication protocol for transferring large payloads via shared files with pointer references and secret code verification. Trigger...
README (SKILL.md)

AgentRelay 📨

Reliable Agent-to-Agent Communication Protocol — Solves sessions_send timeout issues for large payloads using shared files + short message pointers.

🎯 When to Use This Skill

When you see messages like the following, immediately use this Skill to handle them:

Please use AgentRelay skill to handle this message:
REQ,event_001,s/event_001.json,,

Or

📨 AgentRelay Protocol Message

Please use AgentRelay skill to handle:
- Message Type: REQ
- Event ID: event_001
- File Pointer: s/event_001.json

Key Trigger Phrases:

  • "use AgentRelay skill to handle"
  • "AgentRelay protocol message"
  • "Use AgentRelay"

When you see these keywords, immediately execute the Commands below!

🚀 Quick Start

Standard Flow After Receiving AgentRelay Message

Step 1: Parse Message

python3 {baseDir}/run_relay.py receive "REQ,event_001,s/event_001.json,,"

Example output:

{
  "type": "REQ",
  "event_id": "event_001",
  "content": {
    "task": "write_poem",
    "sender_agent": "agent:sender:main",
    "receiver_agent": "agent:worker:main"
  },
  "secret": "ABC123"
}

Step 2: Understand Task and Execute

Check the content field to understand what needs to be done (e.g., write poem, analyze data, generate report).

Step 3: Update Result

python3 {baseDir}/run_relay.py complete event_001 "Task completed" "agent:sender:main"

Step 4: Send CMP Confirmation

# generate CMP message (done automatically by run_relay.py complete)
# Output: CMP,event_001,,,ABC123
# Then send via sessions_send
sessions_send(target='agent:sender:main', message='CMP,event_001,,,ABC123')

📚 Commands

receive <csv_message>

Parse AgentRelay CSV message and read shared file content. Accepts either bare CSV or a full message with the AgentRelay: prefix.

Parameters:

  • csv_message: CSV format message (without AgentRelay: prefix)

Example:

python3 {baseDir}/run_relay.py receive "REQ,event_001,s/event_001.json,,"

Output (JSON):

{
  "type": "REQ",
  "event_id": "event_001",
  "ptr": "s/event_001.json",
  "content": {...},
  "secret": "ABC123"
}

update <event_id> <json_updates> [next_event_id]

Update shared file content.

Parameters:

  • event_id: Event ID
  • json_updates: JSON format updates (merged into payload.content)

Example:

python3 {baseDir}/run_relay.py update event_001 '{"status":"completed","result":"done"}'

Output:

{"status":"ok","file":"/path/to/event_001.json","ptr":"s/event_001.json"}

cmp <event_id> [secret]

Generate CMP confirmation message.

Parameters:

  • event_id: Event ID
  • secret: Secret Code read from file

Example:

python3 {baseDir}/run_relay.py cmp event_001 ABC123

Output:

{
  "status": "ok",
  "cmp_message": "CMP,event_001,,,ABC123",
  "instruction": "Call sessions_send with message='CMP,event_001,,,ABC123'"
}

verify <cmp_message>

Verify that a received CMP message matches the secret stored in the event file.

Example:

python3 {baseDir}/run_relay.py verify "CMP,event_001,,,ABC123"

Output:

{
  "status": "ok",
  "event_id": "event_001",
  "verified": true
}

🔄 Complete Communication Flow

Sender Agent

# 1. Prepare data
content = {
    "task": "write_poem",
    "sender_agent": "agent:sender:main",
    "receiver_agent": "agent:worker:main"
}

# 2. Write to shared file
from agentrelay import agentrelay_send
result = agentrelay_send("agent:worker:main", "REQ", "event_001", content)

# 3. Send message with prefix
message = f"AgentRelay: {result['csv_message']}"
sessions_send(target='agent:worker:main', message=message)

Receiver Agent

# 1. Receive message: AgentRelay: REQ,event_001,s/event_001.json,,

# 2. Parse message
python3 {baseDir}/run_relay.py receive "REQ,event_001,s/event_001.json,,"
# → Get content and secret

# 3. Understand task, call LLM to execute
# (This is your LLM capability)

# 4. Update result
python3 {baseDir}/run_relay.py update event_001 '{"status":"completed"}'

# 5. Send CMP
CMP_OUTPUT=$(python3 {baseDir}/run_relay.py cmp event_001 SECRET)
CMP_MSG=$(echo "$CMP_OUTPUT" | jq -r '.cmp_message')
sessions_send(target='agent:sender:main', message="$CMP_MSG")

📊 Message Format Details

CSV Format

TYPE,ID,PTR,,DATA

Field Descriptions:

  • TYPE: Message type (REQ | CMP)
  • ID: Event ID (unique identifier)
  • PTR: File pointer (e.g., s/event_id.json)
  • RESERVED: Reserved field (leave empty)
  • DATA: Additional data (Secret Code for CMP)

Examples:

REQ,event_001,s/event_001.json,,  # Request
CMP,event_001,,,ABC123            # Completion confirmation

Full Message (with prefix)

AgentRelay: REQ,event_001,s/event_001.json,,

Why is the prefix needed?

  • ✅ Clearly identifies this as AgentRelay protocol message
  • ✅ LLM immediately knows to call AgentRelay Skill when seeing it
  • ✅ Avoids confusion with other messages

🛡️ Security Mechanisms

1. Secret Code Verification

  • Sender generates 6-character random code (e.g., ABC123)
  • Secret is written to file
  • Receiver must return the same Secret when sending CMP
  • Sender verifies Secret matches, ensuring receiver actually read the file

2. Burn-on-read (Optional)

When burn_on_read=true is set in meta or payload.content, the file is automatically deleted after reading to protect sensitive data.

📁 Data Storage

  • Shared Files: ~/.openclaw/data/agentrelay/storage/*.json
  • Transaction Logs: ~/.openclaw/data/agentrelay/logs/transactions_*.jsonl
  • Registry: ~/.openclaw/data/agentrelay/registry.json

🧪 Testing and Examples

Smoke Test

python3 {baseDir}/smoke_test.py

Pytest Regression Suite

pytest {baseDir}/test_agentrelay.py

Cleanup Expired Events

python3 {baseDir}/cleanup_relay.py

Verify a CMP

python3 {baseDir}/run_relay.py verify "CMP,r1_r,,,ABC123"

❓ FAQ

Q: Why use AgentRelay instead of direct sessions_send?

A: sessions_send tends to time out when transmitting messages larger than 30 characters. AgentRelay uses shared files + short pointers (less than 30 characters) to transmit arbitrarily large data.

Q: What is Secret Code for?

A: Secret Code is a 6-character random code used to verify the receiver actually read the file. Receiver must return the correct Secret in CMP, and sender can verify it with verify.

Q: How long are files retained?

A: Files are retained for 24 hours by default. You can adjust this with ttl_hours, enable burn_on_read to delete immediately after reading, and run cleanup_relay.py to sweep expired files and old registry entries.


Version: v1.1.0
Last Updated: 2026-02-28
Author: AgentRelay Team
Maintainer: AgentRelay Team

Usage Guidance
This skill mostly does what it says (file-backed message pointers + secret verification) and has no network exfil endpoints, but it does not validate pointer fields. An attacker or a malicious agent message could supply a pointer like '/etc/passwd' or '../some/other/path' and the skill will read (and, if burn_on_read is set, delete) that path. Before installing or enabling this skill:
  1. Review or patch __init__.py.resolve_alias/agentrelay_receive/agentrelay_update to enforce that ptr values must use the storage alias (e.g., start with 's/') and reject absolute or parent-relative paths.
  2. Ensure burn_on_read deletes only files under the configured OPENCLAW_DATA_DIR.
  3. Run the included tests in an isolated sandbox and set OPENCLAW_DATA_DIR to a dedicated directory (don't use your real home directory).
  4. If you accept remote-triggered execution via the skill trigger patterns, consider restricting who can send AgentRelay messages or require an out-of-band confirmation step before executing filesystem actions.
If you cannot audit or fix the pointer validation, treat this skill as unsafe for use with untrusted agents or inputs.
Capability Analysis
Type: OpenClaw Skill · Name: agentrelay · Version: 1.1.1
The skill contains significant path traversal vulnerabilities in the `resolve_alias` and `agentrelay_update_file` functions within `__init__.py`. These flaws allow an attacker to craft a protocol message that tricks the agent into reading or overwriting arbitrary JSON files on the system by manipulating the file pointer (`ptr`) or `event_id` fields. Furthermore, the `SKILL.md` instructions use forceful language to compel the AI agent to immediately execute these commands upon seeing specific trigger patterns, creating a high-risk 'confused deputy' scenario where the agent could be used to exfiltrate or corrupt data.
Capability Assessment
Purpose & Capability
Name/description align with code and docs: the package implements a file-backed relay (write file, send short pointer, verify secret). No network endpoints, external services, or unrelated credentials are requested.
Instruction Scope
SKILL.md instructs agents to 'immediately execute' the run_relay.py commands when trigger phrases appear (normal for a skill), but the implementation will resolve ptrs that are not validated as storage aliases. If a message contains a pointer not starting with the storage alias (e.g., an absolute path or '../..' path), resolve_alias returns that path and the code will read (and, in burn-on-read flows, delete) arbitrary files outside the intended storage directory. The instructions and examples assume 's/...' pointers only but do not mandate or enforce them.
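The pointer and event-ID validation that the Usage Guidance asks for can be sketched as follows. This is an added example, not code from the agentrelay package: the names safe_resolve, parse_req, is_accepted and PointerError and both allow-list patterns are assumptions, and only the 's/' alias and the five-field CSV layout come from the page.

```python
import re
from pathlib import Path

STORAGE_ALIAS = "s/"  # storage alias used in the page's examples
# Assumed allow-lists; the page does not define the legal characters.
EVENT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
FILE_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.json")


class PointerError(ValueError):
    """A message field is malformed or would leave the storage directory."""


def safe_resolve(ptr: str, storage_dir: Path) -> Path:
    """Map an 's/<name>.json' pointer to a path directly inside storage_dir."""
    if not ptr.startswith(STORAGE_ALIAS):
        raise PointerError(f"pointer lacks storage alias: {ptr!r}")
    name = ptr[len(STORAGE_ALIAS):]
    # One flat file name only: rejects '/', '\\', '..' and absolute paths.
    if not FILE_NAME_RE.fullmatch(name):
        raise PointerError(f"illegal file name in pointer: {ptr!r}")
    root = storage_dir.resolve()
    target = (root / name).resolve()  # resolve() follows symlinks
    if target.parent != root:  # e.g. a symlink in storage pointing elsewhere
        raise PointerError(f"pointer escapes storage: {ptr!r}")
    return target


def parse_req(message: str, storage_dir: Path) -> dict:
    """Validate 'REQ,ID,PTR,,' (bare or with the 'AgentRelay:' prefix)."""
    fields = message.strip().removeprefix("AgentRelay:").strip().split(",")
    if len(fields) != 5 or fields[0] != "REQ":
        raise PointerError("expected a REQ message with five CSV fields")
    event_id, ptr = fields[1], fields[2]
    if not EVENT_ID_RE.fullmatch(event_id):
        raise PointerError(f"illegal event id: {event_id!r}")
    return {"event_id": event_id, "path": safe_resolve(ptr, storage_dir)}


def is_accepted(message: str, storage_dir: Path) -> bool:
    """True only if every field passes; nothing is read or deleted otherwise."""
    try:
        parse_req(message, storage_dir)
        return True
    except PointerError:
        return False
```

Routing every read, update and burn_on_read delete through the path returned by safe_resolve keeps those operations inside the storage directory.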
Install Mechanism
Instruction-only install (no external downloads or installers). Files are included in the package but there is no install script that fetches remote code. Risk from install mechanism itself is low.
Credentials
The skill declares no required environment variables, but the code honors OPENCLAW_DATA_DIR if set (fallback to ~/.openclaw/data). That's reasonable, but the skill did not declare this env var in metadata. No credentials are requested or used.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It writes its own files under a configurable data dir and maintains a registry/logs — behavior consistent with its purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentrelay
  3. After installation, invoke the skill by name or use /agentrelay
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Add MIT license to SKILL.md; remove __pycache__ bytecode files
v1.1.0
Removed legacy compatibility layers, switched fully to explicit sender/receiver metadata, added cleanup tooling, and aligned the public CLI/docs around REQ/CMP.
v1.0.1-alpha.3
- Added a new example file: mahjong_relay.md - Updated documentation files (README.md, SKILL.md) with minor improvements and version bump to v1.0.1-alpha.3 - No protocol, command, or API changes—documentation and example additions only
v1.0.1-alpha.2
- Version bump to v1.0.1-alpha.2. - Documentation (SKILL.md) updated to reflect new version. - No functional or interface changes; update is documentation and metadata-only.
v1.0.1-alpha.1
- Version updated to v1.0.1-alpha.1. - Documentation "Version" metadata updated from v2.0.0 to v1.0.1-alpha.1 in SKILL.md. - No code or functional changes; SKILL.md content remains otherwise unchanged.
v2.0.1
AgentRelay 2.0.1 - Documentation fully updated to English with clearer examples and instructions. - Message triggers and descriptions now use consistent English phrasing. - Clarified command usage and quick start instructions. - No protocol or API changes (documentation updates only). - Improved message and security explanations for easier onboarding.
v2.0.0
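AgentRelay 2.0.0: a fully upgraded, highly reliable agent-to-agent communication protocol - Uses shared file storage + short message pointers to eliminate sessions_send timeouts and instability with large payloads - Adds Secret Code verification, an optional burn-on-read security mechanism, and integrity checks to improve communication security - Rewrote and extended the standard operating flow and command-line tools (receive, update, ack, etc.), with more complete documentation - Clarified the AgentRelay protocol identification prefix and trigger keywords so the LLM can invoke the skill accurately - Expanded the FAQ, communication flow, and multi-hop relay test examples to improve usability and robustness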
v1.4.0
v1.4.0 CRITICAL SECURITY FIX: Removed ALL hard-coded absolute paths. Scripts use Path(__file__).parent, data uses os.getenv(OPENCLAW_DATA_DIR). Safe for multi-user deployment.
v1.3.0
v1.3.0 - Removed ALL hard-coded paths (use __file__ and env vars), fixed imports, changed always:true to triggerPatterns, sanitized package for general-purpose usage
v1.2.0
Clean version without sensitive info
v1.0.0
- Initial release of AgentRelay: an agent-to-agent communication protocol for reliable large payload delivery. - Solves sessions_send timeout issues by using file pointer + secret mechanism. - Provides commands for message receive, update, and ACK handling. - Full documentation for usage, communication flow, security, and message formats included. - Supports advanced features: secret verification, burn-on-read, and integrity checks. - Includes troubleshooting, testing scripts, and links to further documentation.
Metadata
Slug agentrelay
Version 1.1.1
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 11
Frequently Asked Questions

What is agentrelay?

Reliable agent-to-agent communication protocol for transferring large payloads via shared files with pointer references and secret code verification. Trigger... It is an AI Agent Skill for Claude Code / OpenClaw, with 515 downloads so far.

How do I install agentrelay?

Run "/install agentrelay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is agentrelay free?

Yes, agentrelay is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does agentrelay support?

agentrelay is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created agentrelay?

It is built and maintained by extraterrest (@extraterrest); the current version is v1.1.1.
