← Back to Skills Marketplace

Fleet Communication System

Name: Fleet Communication System
Author: dagangtj

by dagangtj · GitHub ↗ · v1.2.0

cross-platform ⚠ suspicious

477

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install fleet-comm

Description

Enables real-time text messaging and broadcasting between multiple OpenClaw nodes across machines for coordinated fleet operations.

README (SKILL.md)

Fleet Communication Skill

Multi-agent communication system for OpenClaw fleets. Enables real-time messaging between multiple OpenClaw instances running on different machines.

When to use

User asks agents to communicate with each other
Multi-machine OpenClaw setups need coordination
Task delegation between fleet nodes
Broadcasting announcements to all nodes

Setup

The skill runs a lightweight HTTP message bus on the coordinator node (default port 18800).

Start the bus (on coordinator node)

node fleet-comm/fleet_bus.js

Environment

FLEET_NODE_ID — This node's ID (default: 00)
FLEET_BUS_URL — URL of the message bus (default: http://127.0.0.1:18800)
FLEET_BUS_PORT — Port to run bus on (default: 18800)

Commands

Send a message to a specific node

node fleet-comm/fleet_cli.js send \x3Ctarget_node> \x3Cmessage>
# Example: node fleet-comm/fleet_cli.js send 01 "start bounty scan"

Broadcast to all nodes

node fleet-comm/fleet_cli.js broadcast \x3Cmessage>

Read messages for this node

node fleet-comm/fleet_cli.js read

Check bus status

node fleet-comm/fleet_cli.js status

Architecture

  00 (Mac Mini)          01 (WSL2)           02 (Windows)
  ┌──────────┐          ┌──────────┐        ┌──────────┐
  │ Fleet Bus │◄────────│ CLI/Poll │        │ CLI/Poll │
  │ :18800   │─────────►│          │        │          │
  └──────────┘          └──────────┘        └──────────┘
       ▲                                         │
       └─────────────────────────────────────────┘
                    Tailscale Network

Message Format

{
  "from": "00",
  "to": "01",       // or "all" for broadcast
  "msg": "message text",
  "type": "task|info|alert|result",
  "ts": 1234567890
}

Free vs Pro (future)

Free: basic messaging, broadcast, status
Pro: encrypted messages, web dashboard, task queue, auto-discovery, message persistence

Usage Guidance

This skill is functionally coherent (it creates a lightweight HTTP message bus and CLI), but it is permissive and lacks access controls. Before installing or running: - Be aware the server binds to 0.0.0.0 (all interfaces) and sets CORS to '*' — by default it will be reachable from the network and from browsers on other hosts. If you only want local access, set FLEET_BUS_PORT and bind the process to 127.0.0.1 or modify the code to listen on localhost. - Add authentication/authorization: consider requiring a shared token or mTLS so arbitrary peers cannot register, read messages, or push tasks. Without this, malicious network peers could send commands or exfiltrate messages. - Protect the data directory: messages.jsonl and nodes.json are written to disk under the skill data dir (FLEET_DATA_DIR). If these contain sensitive content, ensure file permissions and backups are appropriate. - Document and configure FLEET_DATA_DIR: the code uses this env var but SKILL.md doesn't mention it — set it explicitly if you want data kept outside the skill bundle. - Review any agents that act on received 'task' messages: if other nodes automatically execute tasks received via this bus, the lack of auth creates a command-and-control risk. Ensure receiving agents validate/authorize tasks before executing. - If you want to expose the bus across machines, run it behind a firewall, VPN (e.g., Tailscale as the diagram suggests), or an authenticated reverse proxy to limit who can connect. Given these issues, consider this skill suspicious until you harden it (bind to localhost, add auth, restrict CORS) or accept the network exposure intentionally.

Capability Analysis

Type: OpenClaw Skill Name: fleet-comm Version: 1.2.0 The skill is classified as suspicious due to multiple critical vulnerabilities. The `fleet_bus.js` component is susceptible to Cross-Site Scripting (XSS) in its web dashboard, as message content is rendered without sanitization. More critically, the bus lacks any authentication or authorization, allowing any client to send, read, or broadcast messages for any node, and register new nodes, leading to unauthorized access and message manipulation. Furthermore, the `SKILL.md` instructions, when executed by an AI agent, pose a prompt injection risk: if the agent does not properly sanitize user-provided messages before executing `fleet_cli.js` commands, it could lead to shell injection and remote code execution on the agent's host.

Capability Assessment

✓ Purpose & Capability

Name/description (fleet-wide messaging) align with the code and CLI: the files implement an HTTP message bus, endpoints for send/broadcast/read/register/status, and a dashboard. The ability set is coherent with the stated purpose.

ℹ Instruction Scope

SKILL.md gives clear instructions to start the bus and use the CLI; it documents FLEET_NODE_ID, FLEET_BUS_URL and FLEET_BUS_PORT which the CLI/server use. Minor mismatch: the code reads FLEET_DATA_DIR (to store messages/nodes) but SKILL.md does not mention it. The runtime instructions do not ask the agent to read unrelated system files or secrets.

✓ Install Mechanism

No install spec (instruction-only) and included JS files are executed directly by node. This is a low-risk install model in terms of arbitrary remote downloads.

⚠ Credentials

The skill requests no credentials, which is consistent with a simple local bus, but the server binds to '0.0.0.0' and responds with Access-Control-Allow-Origin: '*' — exposing endpoints to the network without authentication. That lack of access control is disproportionate to the sensitivity of cross-node task messages. Also FLEET_DATA_DIR is used by code but not documented in SKILL.md.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and has no special persistence claims. It writes message and node JSON files under its data directory, which is normal for a local bus.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install fleet-comm
After installation, invoke the skill by name or use /fleet-comm
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.2.0

Enhanced protocol, added documentation, production ready

v1.1.0

v1.1: HTTP message bus, CLI tools, Web dashboard, node discovery, broadcast, task dispatch

Metadata

Slug fleet-comm

Version 1.2.0

License —

All-time Installs 3

Active Installs 3

Total Versions 2

Frequently Asked Questions

What is Fleet Communication System?

Enables real-time text messaging and broadcasting between multiple OpenClaw nodes across machines for coordinated fleet operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 477 downloads so far.

How do I install Fleet Communication System?

Run "/install fleet-comm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Fleet Communication System free?

Yes, Fleet Communication System is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Fleet Communication System support?

Fleet Communication System is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Fleet Communication System?

It is built and maintained by dagangtj (@dagangtj); the current version is v1.2.0.

More Skills