xihe-jianmu-ipc

建木 IPC — Real-time cross-AI communication hub. Route messages between OpenClaw, Claude Code, Codex, and any HTTP client through a lightweight WebSocket hub.

This skill largely does what it says (a local WebSocket hub and MCP adapter), but it has two notable risks you should weigh before installing: - It includes a patch script (bin/patch-channels.mjs) that searches your global npm modules for @anthropic-ai/claude-code/cli.js and overwrites code to bypass a warning. This modifies third-party installed files and requires global write access — avoid running that script unless you fully trust the source and understand the change. - The channel-server can POST incoming messages to any IPC_CHANNEL_URL you configure. If you set that to an external URL, message contents (potentially sensitive) can be exfiltrated. Treat IPC_CHANNEL_URL as highly sensitive configuration and restrict it to trusted, internal endpoints. Recommendations before installing/using: - Review the full source yourself (you have it) and confirm there are no hidden endpoints or obfuscated code. - Do NOT run bin/patch-channels.mjs unless necessary; prefer upstream fixes or sandboxed testing. Consider running the hub in an isolated environment/container. - If you enable external webhooks (IPC_CHANNEL_URL), restrict network egress or use internal-only endpoints and require authentication on the receiver. - Set and enforce IPC_AUTH_TOKEN for hub access; do not leave auth disabled in production. - Verify the npm package origin (publisher, repository, and release tags) and consider installing from a git checkout you audited rather than blindly from the registry. - Run it in a sandbox (container or VM) first and monitor filesystem/network activity and the processes it spawns. Given the file modifications and exfiltration-capable config, treat this skill as useful but potentially risky unless you control the environment and review/lock down the configuration.

Type: OpenClaw Skill Name: xihe-jianmu-ipc Version: 0.1.2 The skill bundle implements a cross-agent communication hub but contains highly intrusive and risky components. Specifically, 'bin/patch-channels.mjs' is designed to modify the source code of a globally installed third-party package (@anthropic-ai/claude-code) to bypass security warnings. The 'mcp-server.mjs' file includes an 'ipc_spawn' tool that enables the agent to execute shell commands and launch new processes. Furthermore, 'SKILL.md' contains instructions directing the AI agent to act on requests received via the IPC channel, which introduces a significant risk of indirect prompt injection. The presence of a 'Security Note' in 'SKILL.md' that preemptively dismisses potential antivirus detections is also a common indicator of potentially unwanted or high-risk software.