← Back to Skills Marketplace
ClawLink
by
Sharoon Sharif
· GitHub ↗
· v1.0.1
· MIT-0
89
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-link
Description
Cross-instance agent communication for OpenClaw. ClawLink lets multiple OpenClaw sessions discover each other, delegate tasks, share knowledge, collaborative...
Usage Guidance
This package appears to do what it says: run a relay and let OpenClaw instances talk to each other. That usefulness comes with real security trade-offs. Before installing or running the server: 1) Do not bind the relay to 0.0.0.0 or expose it to the public Internet without adding authentication and TLS (the code is unauthenticated and unencrypted by default). 2) If you must access it across the internet, place the relay behind a reverse proxy or VPN that enforces access control, or require tunnels that include auth. 3) Treat any agent that can register as potentially able to request reading files or performing actions — only join trusted agents and avoid sharing sensitive files via the mesh. 4) Inspect and, if needed, modify the server to add auth (API keys, tokens) and enable HTTPS/WSS before internet use. 5) Run the relay in an isolated environment (container/VM) and restrict network exposure via firewall rules. 6) Be aware setup.sh will install pip packages and write ~/.clawlink/agent_state.json; if you lack operational controls or don’t accept network risk, do not run the relay. If you want a safer assessment, provide the full truncated portions of server.py/client.py (the listings were truncated) so I can review any remaining logic (auth hooks, file handling, or hidden endpoints) that would change the risk level.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-link
Version: 1.0.1
ClawLink provides a framework for cross-instance agent communication, including task delegation and shared file access via a central relay server (scripts/server.py). While functional for multi-agent workflows, it creates a significant attack surface: the agent is instructed by SKILL.md to poll for and execute tasks received from the relay, effectively enabling remote task injection via the AI. Additionally, the file-sharing commands in scripts/client.py (file-put/file-get) facilitate the movement of local data to the relay, which could be used for exfiltration if the relay is untrusted. These high-risk capabilities are inherent to the tool's design but lack evidence of intentional malicious exploitation.
Capability Assessment
Purpose & Capability
Name, README, SKILL.md, protocol reference, and the client/server scripts all align: the skill enables agent discovery, delegation, broadcasts, and collaborative files via a relay server. The declared requirements (no env vars, no special binaries) match the implementation.
Instruction Scope
SKILL.md instructs users to run a relay that by default has no auth and unencrypted HTTP transport, and explicitly recommends exposing it via tunnels (ngrok/cloudflared) for internet access. The client persists identity to ~/.clawlink/agent_state.json and auto-discovers relays via mDNS. Those instructions are coherent for a mesh tool but broaden the agent's attack surface (unauthenticated remote agents can register, delegate tasks, and upload/download files).
Install Mechanism
There is no formal install spec in the registry (instruction-only), but shipped scripts (setup.sh) install Python dependencies via pip, including fallback flags (--break-system-packages) and attempting global installs. That is not an automatic remote-download risk, but running setup.sh will modify your Python environment and install third-party packages — typical but worth noting.
Credentials
The skill requests no environment variables or secrets. The client/server read/write a small local state file (~/.clawlink/agent_state.json) and call standard networking APIs (hostname, sockets). No unexpected credentials or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It persists only its own agent_state.json. However, because the skill enables autonomous remote task delegation (and model invocation is allowed by default), an exposed relay increases the potential blast radius: other agents can instruct this agent to perform actions, which may lead to data access or exfiltration if the agent executes delegated tasks.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-link - After installation, invoke the skill by name or use
/openclaw-link - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Initial release of ClawLink - cross-instance agent communication for OpenClaw
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is ClawLink?
Cross-instance agent communication for OpenClaw. ClawLink lets multiple OpenClaw sessions discover each other, delegate tasks, share knowledge, collaborative... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install ClawLink?
Run "/install openclaw-link" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawLink free?
Yes, ClawLink is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ClawLink support?
ClawLink is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawLink?
It is built and maintained by Sharoon Sharif (@sharoonsharif); the current version is v1.0.1.
More Skills