← 返回 Skills 市场
1043
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install udp-messenger
功能描述
Use when agents need to communicate over the local network — "send message to agent", "discover agents", "check for messages", "coordinate with other agents", "approve agent", "agent status", "add peer", "message log"
安全使用建议
This plugin appears to do what it says, but check these before installing: (1) Review the npm/GitHub source (owner turfptax) to ensure you trust the publisher. (2) Do not set a relayServer to an untrusted host — enabling relay forwards copies of every message off your LAN. (3) Treat the hook token as sensitive: if set, it lets the plugin trigger agent turns via /hooks/agent; keep it secret and only enable hooks.enabled if you understand the implications. (4) Trusted peers are persisted to ~/.openclaw/extensions/openclaw-udp-messenger/trusted-peers.json — inspect that file and the plugin logs if you need an audit trail. (5) Prefer 'always-confirm' trust mode on untrusted networks and never instruct the agent to share secrets with peers. Finally, note a minor inconsistency: the registry marked the skill as 'instruction-only' while package files are present; confirm the exact install path you will use (npm vs. manual) and review the repository before enabling in production.
功能分析
Type: OpenClaw Skill
Name: udp-messenger
Version: 1.6.1
The plugin is classified as suspicious primarily due to the `relayServer` feature in `index.ts` and `openclaw.plugin.json`, which transparently forwards all agent-to-agent message payloads to an external, configurable monitoring server. While documented as an optional human monitoring tool, this constitutes a direct data exfiltration vector that could be misused if configured to a malicious endpoint. Additionally, the `wakeAgent` mechanism and `udp_set_config` tool in `index.ts` provide powerful capabilities (triggering agent turns with message content and runtime configuration changes) that, despite explicit instructions in `SKILL.md` and `CLAUDE.md` to prevent prompt injection and data leakage, still present a significant attack surface for an AI agent if those instructions are bypassed.
能力评估
Purpose & Capability
Name/description match the actual files and runtime behavior. Required binary (node) is appropriate. Features described (discover, send/receive, trust model, relay, wake-up) are implemented in the code and are coherent with the stated purpose.
Instruction Scope
SKILL.md and README clearly document the expected actions and limits and repeatedly warn not to auto-approve peers or share secrets. The plugin does additional environment/config lookups (e.g., OPENCLAW_HOOK_TOKEN and values in openclaw.json) and persists trusted-peers.json to disk; these behaviors are documented but are not declared as 'required env vars' in the top-level metadata — a small documentation/inventory mismatch to be aware of.
Install Mechanism
Installation is via npm/GitHub as documented (openclaw plugins install openclaw-udp-messenger). The registry metadata stated 'instruction-only' despite code files being included; the install sources referenced are standard (npm/GitHub) rather than arbitrary shorteners, so risk is moderate but expected for a plugin that installs code.
Credentials
No required credentials are declared; the only sensitive runtime input is an optional hook token and an optional relayServer address which the user must configure. Those are proportional to the wake-up and central-monitoring features the plugin provides. The plugin writes a trusted-peers.json file in the user's home plugin dir — expected for persistent trust state.
Persistence & Privilege
The skill does not request always: true, does not alter other skills' configuration, and only persists its own trusted-peers.json. It uses the Gateway webhook only when a user-configured hook token is present; autonomous invocation is the platform default and not a surprise here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install udp-messenger - 安装完成后,直接呼叫该 Skill 的名称或使用
/udp-messenger触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.1
Fix wake-up 405 error (hooks.enabled required), improve stable ID consistency
v1.6.0
v1.6.0: Persist trusted peers to disk - trust survives gateway restarts and reboots
v1.3.0
Add optional relay server: forward all agent messages to a central monitoring server (e.g. Python/Flask dashboard on port 31415). Configurable via relayServer in config or udp_set_config at runtime.
v1.2.0
Add udp_log for message history review, udp_add_peer for hostname/IP peer addition, rolling hourly exchange limits, and real-time agent notifications for trusted peer messages
v1.1.2
Fix plugin ID: all references now use openclaw-udp-messenger consistently
v1.1.1
Add README, fix npmSpec to openclaw-udp-messenger, npm package now published
v1.1.0
Fix plugin install: publish full plugin package with package.json, openclaw.extensions, index.ts, hooks, and skill
v1.0.1
Fix security scan: add install spec with GitHub provenance, remove false primaryEnv, document tool origin, strengthen security rules for incoming messages
v1.0.0
Initial release: local agent-to-agent UDP communication with peer discovery, configurable trust model, and conversation limits
元数据
常见问题
LocalUDPMessenger 是什么?
Use when agents need to communicate over the local network — "send message to agent", "discover agents", "check for messages", "coordinate with other agents", "approve agent", "agent status", "add peer", "message log". 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1043 次。
如何安装 LocalUDPMessenger?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install udp-messenger」即可一键安装,无需额外配置。
LocalUDPMessenger 是免费的吗?
是的,LocalUDPMessenger 完全免费(开源免费),可自由下载、安装和使用。
LocalUDPMessenger 支持哪些平台?
LocalUDPMessenger 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 LocalUDPMessenger?
由 turfptax(@turfptax)开发并维护,当前版本 v1.6.1。
推荐 Skills