← 返回 Skills 市场
110
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install xihe-jianmu-ipc
功能描述
建木 IPC — Real-time cross-AI communication hub. Route messages between OpenClaw, Claude Code, Codex, and any HTTP client through a lightweight WebSocket hub.
安全使用建议
This skill largely does what it says (a local WebSocket hub and MCP adapter), but it has two notable risks you should weigh before installing:
- It includes a patch script (bin/patch-channels.mjs) that searches your global npm modules for @anthropic-ai/claude-code/cli.js and overwrites code to bypass a warning. This modifies third-party installed files and requires global write access — avoid running that script unless you fully trust the source and understand the change.
- The channel-server can POST incoming messages to any IPC_CHANNEL_URL you configure. If you set that to an external URL, message contents (potentially sensitive) can be exfiltrated. Treat IPC_CHANNEL_URL as highly sensitive configuration and restrict it to trusted, internal endpoints.
Recommendations before installing/using:
- Review the full source yourself (you have it) and confirm there are no hidden endpoints or obfuscated code.
- Do NOT run bin/patch-channels.mjs unless necessary; prefer upstream fixes or sandboxed testing. Consider running the hub in an isolated environment/container.
- If you enable external webhooks (IPC_CHANNEL_URL), restrict network egress or use internal-only endpoints and require authentication on the receiver.
- Set and enforce IPC_AUTH_TOKEN for hub access; do not leave auth disabled in production.
- Verify the npm package origin (publisher, repository, and release tags) and consider installing from a git checkout you audited rather than blindly from the registry.
- Run it in a sandbox (container or VM) first and monitor filesystem/network activity and the processes it spawns.
Given the file modifications and exfiltration-capable config, treat this skill as useful but potentially risky unless you control the environment and review/lock down the configuration.
功能分析
Type: OpenClaw Skill
Name: xihe-jianmu-ipc
Version: 0.1.2
The skill bundle implements a cross-agent communication hub but contains highly intrusive and risky components. Specifically, 'bin/patch-channels.mjs' is designed to modify the source code of a globally installed third-party package (@anthropic-ai/claude-code) to bypass security warnings. The 'mcp-server.mjs' file includes an 'ipc_spawn' tool that enables the agent to execute shell commands and launch new processes. Furthermore, 'SKILL.md' contains instructions directing the AI agent to act on requests received via the IPC channel, which introduces a significant risk of indirect prompt injection. The presence of a 'Security Note' in 'SKILL.md' that preemptively dismisses potential antivirus detections is also a common indicator of potentially unwanted or high-risk software.
能力评估
Purpose & Capability
The code implements a WebSocket hub, MCP server, and channel bridge which match the description. However the included bin/patch-channels.mjs directly edits a globally-installed Claude Code cli.js to bypass a warning dialog — modifying another product's installed files is not required for a messaging hub and is disproportionate to the stated purpose.
Instruction Scope
SKILL.md instructs adding the MCP server and running the hub (expected), but also suggests using the patch-channels script before running Claude Code with a dangerous flag. The channel-server component will POST message contents to any IPC_CHANNEL_URL you set — this allows routing potentially sensitive message text to external endpoints. The MCP server also spawns new sessions (child processes), which increases attack surface.
Install Mechanism
Install is via an npm package (xihe-jianmu-ipc) that provides a 'jianmu' binary — a standard mechanism. This is a moderate-risk install (npm packages can contain arbitrary JS). There are no downloads from untrusted URLs, but the package will run code on install/use and offers CLI scripts that perform filesystem modifications.
Credentials
Declared primary credential IPC_AUTH_TOKEN is appropriate for hub authentication. Optional environment variables (IPC_CHANNEL_URL, OPENCLAW_TOKEN, OPENCLAW_URL, etc.) are plausible for integrations, but IPC_CHANNEL_URL lets you configure an arbitrary external webhook — enabling it could exfiltrate message contents. The patch script also requires write permissions to global npm modules, which is disproportionate to a messaging library.
Persistence & Privilege
The skill does not request always:true, but it includes a script that modifies other installed software (patch-channels.mjs) and spawn logic (mcp-server) that can launch new processes. Modifying third-party package files or global CLI code increases privilege/impact and should be treated as a significant escalation beyond normal skill behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xihe-jianmu-ipc - 安装完成后,直接呼叫该 Skill 的名称或使用
/xihe-jianmu-ipc触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Add security note explaining VirusTotal flag
v0.1.1
Fix: use full name xihe-jianmu-ipc everywhere
v0.1.0
Initial release: WebSocket hub + MCP server for cross-AI real-time communication between OpenClaw, Claude Code, Codex, and any HTTP client
元数据
常见问题
xihe-jianmu-ipc 是什么?
建木 IPC — Real-time cross-AI communication hub. Route messages between OpenClaw, Claude Code, Codex, and any HTTP client through a lightweight WebSocket hub. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 xihe-jianmu-ipc?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xihe-jianmu-ipc」即可一键安装,无需额外配置。
xihe-jianmu-ipc 是免费的吗?
是的,xihe-jianmu-ipc 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
xihe-jianmu-ipc 支持哪些平台?
xihe-jianmu-ipc 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 xihe-jianmu-ipc?
由 47Liu(@47liu)开发并维护,当前版本 v0.1.2。
推荐 Skills