@openclaw/interchange

by frank-bot07 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 612 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install openclaw-interchange
Description
Shared .md interchange library for OpenClaw skills — atomic writes, deterministic serialization, YAML frontmatter, advisory locking, and schema validation. T...
Usage Guidance
This library is coherent with its stated purpose, but treat it as 'not ready for untrusted multi-process use' until fixes are applied. Before installing/use:
- Prefer to vendor or audit the code yourself; the bundle includes the full source and an internal code review (CODEX_REVIEW.md) listing critical concurrency issues.
- Set INTERCHANGE_ROOT to a dedicated directory (not $HOME or system directories) and run it with least privilege to prevent accidental writes to sensitive paths.
- Do not rely on the advisory locking for strict mutual exclusion between untrusted processes; if you need strong locks, replace or augment with OS-level flock()/fcntl or a centralized lock service.
- Review/fix the lock cleanup & fd lifecycle code (TOCTOU and fd/unlink semantics) and add path-assertion helpers so writes are constrained to the intended workspace.
- Run the included test suite in your environment (especially on Windows/CRLF and concurrent-write tests) and consider additional tests for malicious path inputs.

If you are not prepared to audit or patch the library, avoid using it in environments where concurrent writers or sensitive filesystem targets exist.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-interchange
Version: 1.0.0
The OpenClaw Interchange skill is classified as suspicious due to several critical vulnerabilities, primarily in its file locking and path handling mechanisms. The advisory file locking in `src/lock.js` is susceptible to race conditions during stale lock cleanup and PID reuse, which can lead to broken mutual exclusion and data integrity issues. Additionally, `src/indexer.js` and `src/io.js` exhibit potential path traversal vulnerabilities if `skillName` or `filePath` inputs are not strictly sanitized, allowing writes outside the designated `INTERCHANGE_ROOT`. The `rebuildIndex` function in `src/indexer.js` also contains a race condition by bypassing the robust locking mechanism for master index updates. While there is no evidence of intentional malicious behavior like data exfiltration or backdoor installation, these vulnerabilities could be exploited to cause data corruption, denial of service, or unauthorized file modifications.
Capability Assessment
Purpose & Capability
Name/description align with the code: this is a pure-JavaScript library providing read/write/serialize/lock helpers for `.md` interchange files. It has no declared env/credentials and only depends on js-yaml, which is proportionate to the described functionality.
Instruction Scope
The SKILL.md usage examples and README are limited to reading/writing .md files and acquiring locks, which is expected. However the runtime code allows writing arbitrary filesystem paths (no root enforcement) and relies on an advisory lock implementation that the included CODEX_REVIEW flags as having TOCTOU and fd-handling issues. That means callers following examples could accidentally overwrite files outside the intended interchange workspace or see broken mutual exclusion under contention.
Install Mechanism
There is no install spec for the skill (instruction-only), and package.json shows only a small dependency (js-yaml) and dev-dep (vitest). No remote downloads or opaque install steps are present in the bundle, which keeps install risk low.
Credentials
The package declares no required credentials or env vars. It does read process.env.INTERCHANGE_ROOT (and falls back to HOME). That is reasonable, but because the code will read/write arbitrary paths, you should set INTERCHANGE_ROOT to a dedicated directory before use. No secrets/external service tokens are requested.
Persistence & Privilege
The skill does not request persistent platform privileges (always: false). It does not modify other skills' configs or require unusual system privileges. Its threat surface is limited to filesystem I/O within whatever paths it is pointed at.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-interchange
  3. After installation, invoke the skill by name or use /openclaw-interchange
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Shared .md interchange library. 32 tests.
Metadata
Slug openclaw-interchange
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is @openclaw/interchange?

Shared .md interchange library for OpenClaw skills — atomic writes, deterministic serialization, YAML frontmatter, advisory locking, and schema validation. T... It is an AI Agent Skill for Claude Code / OpenClaw, with 612 downloads so far.

How do I install @openclaw/interchange?

Run "/install openclaw-interchange" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is @openclaw/interchange free?

Yes, @openclaw/interchange is completely free (open-source). You can download, install and use it at no cost.

Which platforms does @openclaw/interchange support?

@openclaw/interchange is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created @openclaw/interchange?

It is built and maintained by frank-bot07 (@frank-bot07); the current version is v1.0.0.
