Description

Agent communication protocol skill. Provides: inter-agent messaging, context snapshot/restore, event-driven collaboration, model dispatch notifications, sub-...

README (SKILL.md)

Agent Swarm Network — Agent Communication Skill

Name: Agent Swarm Network
Author: sarahmirrand001-oss

A unified communication backbone for every AI tool in the OpenClaw ecosystem (OpenClaw / Antigravity / Codex).

Analogy: This network = the Agent's nervous system. OpenClaw = the Agent's brain.

Acknowledgments

This Skill is built on top of Pilot Protocol by @TeoSlayer. Pilot Protocol provides the core daemon, encrypted tunnels, NAT traversal, and peer-to-peer addressing that this Skill leverages. Huge thanks to the Pilot Protocol team for building the Internet of Agents.

Permissions & Privacy

This Skill executes local CLI commands and writes files to the ~/.pilot/ directory. Full transparency:

Permission	What	Why
CLI Exec	`~/.pilot/bin/pilotctl`	All agent operations go through this binary
File Write	`~/.pilot/inbox/`	Context snapshots and incoming messages land here
File Write	`~/.pilot/received/`	Received files from peer agents
File Read	`~/.pilot/inbox/`	Reading snapshots for context restoration
File Read	`~/.pilot/received/`	Reading transferred files
Network	Local Unix socket	Daemon communication (localhost only)
Network	UDP tunnels (encrypted)	Agent-to-agent communication (AES-256-GCM)
Script Exec	`~/.pilot/context-snapshot.sh`	Context snapshot helper script
Script Exec	`~/.pilot/pilot-publish.sh`	Event publishing helper script
Process	Daemon lifecycle	Start/stop/status of the pilotctl daemon

Privacy Note: All inter-agent traffic is encrypted end-to-end using X25519 key exchange + AES-256-GCM. Agents are private by default and require mutual trust handshake before communication. No data passes through relay servers. The rendezvous registry defaults to localhost (127.0.0.1:9000) — no peer-discovery metadata leaves the machine unless you explicitly change registry_url to a remote address. Snapshots are unencrypted JSON; you must secure the ~/.pilot/ directory (chmod 700).

Prerequisites

Tool	Purpose	Required?
Pilot Protocol	Core daemon + CLI (`pilotctl`)	✅ Required
OpenClaw	Skill host + Agent orchestration	✅ Required

Configuration

Edit config.json after installation:

{
  "pilotctl_path": "~/.pilot/bin/pilotctl",
  "daemon_start_script": "~/.pilot/start-local.sh",
  "snapshot_script": "~/.pilot/context-snapshot.sh",
  "publish_script": "~/.pilot/pilot-publish.sh",
  "inbox_path": "~/.pilot/inbox/",
  "received_path": "~/.pilot/received/",
  "agent_hostname": "keke-agent"
}

Field	Description	Default
`pilotctl_path`	Path to the pilotctl binary	`~/.pilot/bin/pilotctl`
`daemon_start_script`	Script to start the daemon	`~/.pilot/start-local.sh`
`snapshot_script`	Context snapshot helper script	`~/.pilot/context-snapshot.sh`
`publish_script`	Event publish helper script	`~/.pilot/pilot-publish.sh`
`inbox_path`	Directory for incoming messages/snapshots	`~/.pilot/inbox/`
`received_path`	Directory for received files	`~/.pilot/received/`
`agent_hostname`	This agent's hostname on the Pilot network	`keke-agent`

First-time Setup

Install Pilot Protocol securely: We strongly recommend building from source to eliminate supply-chain risk. Clone https://github.com/TeoSlayer/pilotprotocol, audit the source, compile via go build, and place the binary at ~/.pilot/bin/pilotctl.
Secure your directories: chmod 700 ~/.pilot
Start the daemon: ~/.pilot/start-local.sh
Verify: ~/.pilot/bin/pilotctl --json daemon status

Global Rules

All pilotctl commands use the full path: ~/.pilot/bin/pilotctl
Always append the --json flag for structured output
Check the returned status field: ok = success, error = failure
On failure, read the hint field for remediation guidance

⚠️ Single-Node Mode (Current State)

Currently running with only one node (keke-agent). Cannot send network messages to self (publish/send-message will return connection_failed).

Single-Node Workarounds

Operation	Multi-node Command	Single-node Alternative
Publish event	`pilotctl publish keke-agent topic --data ...`	`~/.pilot/pilot-publish.sh topic '{"key":"val"}'`
Send to inbox	`pilotctl send-message keke-agent --data ...`	Write file directly to `~/.pilot/inbox/`
Context snapshot	`pilotctl send-message ...`	`~/.pilot/context-snapshot.sh`
Read inbox	`pilotctl inbox` → read `~/.pilot/inbox/`	Same (read directory directly)
Check status	`pilotctl info`	✅ Works normally
Set tags	`pilotctl set-tags ...`	✅ Works normally

When a second node joins (e.g., VPS or another Mac), network commands will activate automatically.

Capability 1: Context Snapshot & Restore (Highest Priority)

1.1 Save Context Snapshot

When a session ends, compaction triggers, or manual request is made, save critical context:

# Using the snapshot script (works in both single-node and multi-node)
~/.pilot/context-snapshot.sh SESSION_ID "Key summary of current context"

# Or manually write to inbox
echo '{"type":"context_snapshot","session_id":"ID","summary":"Summary"}' > ~/.pilot/inbox/snapshot_$(date +%Y%m%d_%H%M%S).json

1.2 Restore Context

When a new session starts, read the previous session's snapshot:

~/.pilot/bin/pilotctl --json inbox

Returns a messages array sorted by received_at. Read the most recent context_snapshot type message.

1.3 Context Overflow Protocol

When context usage exceeds 80%:

Step 1: Extract critical information from current context
Step 2: Serialize as JSON snapshot
Step 3: pilotctl send-message keke-agent --data "{snapshot}" --type json
Step 4: pilotctl publish keke-agent context.overflow --data "overflow at TOKEN_COUNT tokens"
Step 5: Suggest user starts a new session
Step 6: New session automatically restores from inbox

Capability 2: Event-Driven Collaboration

2.1 Publish Events

When significant events occur, use pilot-publish.sh (automatically handles single-node/multi-node):

# Model switch
~/.pilot/pilot-publish.sh model.switch '{"from":"flash-lite","to":"opus-4.6","reason":"strategic analysis"}'

# Task completion
~/.pilot/pilot-publish.sh task.complete '{"task":"intelligence_ingestion","source":"twitter"}'

# Context compaction
~/.pilot/pilot-publish.sh context.compaction '{"before_tokens":150000,"after_tokens":30000}'

# Error alert
~/.pilot/pilot-publish.sh error.alert '{"type":"model_402","model":"gemini","action":"fallback"}'

# Intelligence ingested
~/.pilot/pilot-publish.sh intel.ingested '{"source":"url","title":"Article Title","category":"infra"}'

2.2 Subscribe to Events

Listen for specific topics (used by sub-agents or external monitors):

# Listen to all events
~/.pilot/bin/pilotctl --json subscribe keke-agent "*" --timeout 60s

# Listen only to model switches
~/.pilot/bin/pilotctl --json subscribe keke-agent model.switch --count 1

# Listen for error alerts
~/.pilot/bin/pilotctl --json subscribe keke-agent error.* --timeout 300s

2.3 Standard Event Topics

Topic	Trigger	Data Schema
`context.snapshot`	Session end / manual save	`{session_id, summary, key_decisions}`
`context.overflow`	Token usage > 80%	`{token_count, threshold}`
`context.compaction`	Compaction triggered	`{before_tokens, after_tokens}`
`model.switch`	Model changed	`{from, to, reason}`
`model.error`	Model failure	`{model, error, fallback}`
`task.start`	Task initiated	`{task, type, model}`
`task.complete`	Task finished	`{task, result_summary}`
`task.error`	Task failed	`{task, error, retry}`
`intel.ingested`	Information ingested	`{source, title, category, value}`
`error.alert`	Error notification	`{type, details, action}`
`agent.spawn`	Sub-agent created	`{hostname, purpose, model}`
`agent.exit`	Sub-agent exited	`{hostname, reason, result}`

Capability 3: Sub-Agent Management

3.1 Naming Convention

Primary agent:    keke-agent
Sub-agents:       keke-sub-{purpose}  (e.g., keke-sub-code, keke-sub-writer)
Nested sub:       keke-sub-{purpose}-{n}

3.2 Spawning Sub-Agents

When OpenClaw needs to create a sub-agent for overflow tasks:

# Publish agent spawn event
~/.pilot/bin/pilotctl --json publish keke-agent agent.spawn \
  --data '{"hostname":"keke-sub-code","purpose":"code refactoring","model":"sonnet-4.6"}'

3.3 Collecting Sub-Agent Results

# Sub-agent sends results via Data Exchange
~/.pilot/bin/pilotctl --json send-message keke-agent \
  --data '{"type":"sub_agent_result","from":"keke-sub-code","result":"refactoring complete","files_changed":3}' \
  --type json

# Primary agent checks results
~/.pilot/bin/pilotctl --json inbox

Capability 4: Task Routing

4.1 Route by Tags

Assign capability tags to different agents:

# Tag self
~/.pilot/bin/pilotctl --json set-tags orchestrator chinese fast

Tag conventions:

Tag	Meaning	Best Fit Agent
`orchestrator`	Scheduling & dispatch	OpenClaw primary agent
`deep-reasoning`	Deep reasoning tasks	Antigravity (Opus)
`code-gen`	Code generation	Codex (Sonnet)
`local-inference`	Local model inference	LM Studio (Qwen)
`fast`	Fast responses	Flash Lite instances
`chinese`	Chinese language tasks	Qwen / Chinese-optimized models

4.2 Find the Best Agent

~/.pilot/bin/pilotctl --json peers --search "code-gen"

Capability 5: Model Dispatch Notifications

5.1 Publish Model Switch Events

Every model switch gets logged to the event stream:

~/.pilot/bin/pilotctl --json publish keke-agent model.switch \
  --data '{"from":"CURRENT_MODEL","to":"NEW_MODEL","reason":"reason","timestamp":"ISO8601"}'

5.2 Model Fallback Chain

On model failure, automatically publish degradation events:

~/.pilot/bin/pilotctl --json publish keke-agent model.error \
  --data '{"model":"gemini-3-flash","error":"402 quota exceeded","fallback":"minimax-m2.5"}'

Capability 6: File Transfer

6.1 Send File

~/.pilot/bin/pilotctl --json send-file keke-agent /path/to/file

Files are saved to ~/.pilot/received/.

6.2 View Received Files

~/.pilot/bin/pilotctl --json received

6.3 Use Cases

Transfer context snapshot files
Transfer code diffs
Transfer analysis reports
Share configuration across agents

Capability 7: Network Diagnostics

7.1 Health Checks

# Daemon status
~/.pilot/bin/pilotctl --json daemon status

# Agent info
~/.pilot/bin/pilotctl --json info

# Connection list
~/.pilot/bin/pilotctl --json connections

# Peer list
~/.pilot/bin/pilotctl --json peers

7.2 Performance Testing

# Ping latency
~/.pilot/bin/pilotctl --json ping keke-agent --count 3

# Throughput benchmark
~/.pilot/bin/pilotctl --json bench keke-agent 1

Capability 8: Gateway IP Bridging

8.1 Map Agent to Local IP

# Gateway bridging on user-space ports (>1024) does NOT require root/sudo.
~/.pilot/bin/pilotctl gateway start --ports 1234,8080 0:0000.0000.0001

Once mapped, standard HTTP tools can be used:

curl http://10.4.0.1:1234/v1/chat/completions  # Like calling LM Studio directly

8.2 Use Cases

Expose LM Studio through Gateway as a Pilot address
Unify all model endpoints under one entry point
Access agent services with standard HTTP tools

Capability 9: Webhook Real-time Monitoring

9.1 Set Up Webhook

~/.pilot/bin/pilotctl --json set-webhook http://localhost:8080/pilot-events

9.2 Event Types

All native daemon events are pushed to the webhook:

node.registered / node.reregistered
conn.established / conn.fin / conn.rst
handshake.received / handshake.approved
message.received / file.received
pubsub.published / pubsub.subscribed
security.syn_rate_limited / security.nonce_replay

Standing Orders (Automation Rules)

Rule 1: Snapshot Before Session End

Automatically execute a context snapshot (Capability 1.1) before every session ends.

Rule 2: Critical Events Must Be Published

The following events must always be published to the Event Stream:

Model switches
Intelligence ingestion completions
Task completions/failures
Context compactions
Error alerts

Rule 3: Auto-Restore on New Session

On every new session start, check pilotctl inbox for the latest snapshot and restore context.

Rule 4: Daemon Heartbeat

Check daemon status every 30 minutes. Auto-restart on failure.

Troubleshooting

Problem	Diagnostic Command	Solution
Daemon not running	`pilotctl daemon status`	`~/.pilot/start-local.sh`
Registry unreachable	`pilotctl info` (check peers)	Verify rendezvous server is running
Messages not sending	`pilotctl connections`	Check trust state with target
Inbox overflowing	`pilotctl inbox`	`pilotctl inbox --clear`

Usage Guidance

Before installing: (1) Verify the skill source repository and ensure the manifest in the registry matches the included SKILL.md (the registry metadata here omits required binaries). (2) Audit any upstream code and the start-local.sh and helper scripts you will run; do not execute scripts you haven't reviewed. (3) Treat ~/.pilot/ as highly sensitive: run chmod 700 on it, inspect snapshot JSON contents for secrets, and implement a retention/rotation policy for snapshots. (4) Keep the rendezvous/registry URL at localhost unless you intentionally and securely configure remote peers; enabling multi-node networking can expose snapshots to other hosts. (5) If you cannot personally audit the Pilot Protocol code and the startup scripts, avoid installing or run it in an isolated environment (VM/container) to limit exposure.

Capability Analysis

Type: OpenClaw Skill Name: agent-swarm-network Version: 1.0.6 The skill is classified as suspicious primarily due to the explicit disclosure of a critical data-at-rest vulnerability: context snapshots, which may contain sensitive PII and API keys, are stored unencrypted in `~/.pilot/inbox/` (SKILL.md, README.md, manifest.json). While the skill transparently warns users and advises `chmod 700` for mitigation, this inherent risk of sensitive data exposure warrants a 'suspicious' classification. All operations are confined to the `~/.pilot/` directory and network communication defaults to localhost, but the capability to configure remote network endpoints exists, which could be exploited if the agent were maliciously prompted. There is no evidence of intentional malicious behavior such as exfiltration to unauthorized external endpoints or stealthy persistence mechanisms by the skill itself.

Capability Assessment

⚠ Purpose & Capability

SKILL.md and manifest clearly require a Pilot Protocol daemon (pilotctl), scripts in ~/.pilot/, and continuous daemon operation — which is appropriate for an inter-agent networking skill. However the registry metadata in the skill listing claims no required binaries/configs, creating an inconsistency between declared requirements and actual runtime needs. That mismatch is unexplained and reduces trust.

⚠ Instruction Scope

Runtime instructions tell the agent/operator to build/install a third‑party daemon, run a start-local.sh script, execute helper scripts, and read/write snapshots and received files in ~/.pilot/. Snapshots are explicitly stored as plain JSON and may contain PII and API keys. The instructions remain local by default, but they also describe how to enable multi-node networking (which would permit remote peers), so the scope includes potential sensitive data capture and network transmission if reconfigured.

⚠ Install Mechanism

There is no formal install spec in the package; instead SKILL.md instructs users to clone and build Pilot Protocol from GitHub and to run scripts placed under ~/.pilot/ (e.g., start-local.sh). That requires pulling and executing third-party source and startup scripts — a moderate supply-chain risk because arbitrary code could be introduced via those scripts. The Skill does advise auditing upstream code, but the package itself does not enforce or provide a reviewed install artifact.

ℹ Credentials

The skill does not request environment variables or external credentials in its registry metadata, which is consistent with local-only operation. However it will create unencrypted JSON snapshots of session context (which can include API keys, PII, and session secrets) under ~/.pilot/. This means the skill can indirectly cause sensitive data to be stored on disk and (if the user reconfigures the registry) transmitted to peers — a privacy/credential exposure risk even without explicit credential environment variables.

ℹ Persistence & Privilege

The Skill runs a persistent user-level daemon and creates files under ~/.pilot/, but it does not request root/sudo. always: false (not force-installed). Triggers include session start/end and context overflow, meaning it will run automatically on those events; combined with the ability to network to remote peers if reconfigured, this increases blast radius — but autonomous invocation alone is expected for skills.

Version History

v1.0.6

Registry language fix: Removed all references to "upstream registry operated by TeoSlayer" across manifest.json, SKILL.md, README.md, and index.html. All text now states the registry defaults to localhost (127.0.0.1:9000) with zero external exposure. Dependencies structure fix: Moved pilotctl and go into dependencies.binaries (the field ClawHub's parser actually reads). Removed orphaned required_binaries top-level key. This resolves the "Required binaries: none" mismatch. Supply chain: Source-only build instructions retained. No curl|bash anywhere. Snapshots: Data-at-Rest Vulnerability warning and chmod 700 mandate retained.

v1.0.5

No changes detected in the code files for this release. - Internal version number bumped from 1.0.4 to 1.0.5. - No modifications made to SKILL.md or other source files. - No new features, bug fixes, or documentation updates in this version.

v1.0.4

Final Adjudication Fixes: v1.0.4 (Strict Source Compilation & Privacy Alignment) 1. Root Cause Schema Fix: Fixed type-parsing bug in [manifest.json](cci:7://file:///Users/yanyang/.openclaw/workspace/skills/pilot-protocol/manifest.json:0:0-0:0) -> `dependencies`. Moved `pilotctl` to the new `required_binaries` array so the registry metadata correctly validates the upstream dependency. 2. Supply Chain Escalation: Eliminated EVERYTHING related to automated binary downloads. The documentation now strictly dictates that users MUST clone upstream and compile from `.go` source (`go build`) to completely eliminate third-party pre-compiled supply chain surface area. 3. Air-Gapped Defaults: Changed the core configuration so the Rendezvous Registry defaults to LOCAL loopback (`127.0.0.1:9000`). Zero peer-discovery metadata is exposed to external servers unless the operator actively opts in. 4. Data-at-Rest Enforcement: Upgraded the plain JSON warning to a formal "Data-at-Rest Vulnerability" declaration, explicitly mandating aggressive `chmod 700` isolation and snapshot purge rotations.

v1.0.3

Final Adjudication Fixes: v1.0.3 (Strict Source Compilation & Schema Alignment) 1. Root Cause Schema Fix: Fixed type-parsing bug in [manifest.json](cci:7://file:///Users/yanyang/.openclaw/workspace/skills/pilot-protocol/manifest.json:0:0-0:0) -> `dependencies.required`. The registry metadata will now properly detect the upstream `pilotctl` and `bash` dependencies rather than reporting false 'zero requirements'. Corrected the missing `source` and `homepage` mappings to align exactly with the GitHub upstream. 2. Supply Chain Escalation: Eliminated all binary-download paths. The onboarding documentation now strictly assumes that users MUST clone upstream and compile from `.go` source (`go build`) to completely eliminate third-party pre-compiled supply chain surface area. 3. Air-Gapped Recommendations: Explicit recommendations to self-host the Rendezvous Registry for non-trusted deployments and hardened guidance on managing plain JSON data-at-rest. The Skill strictly places trust boundary management in the Hands of the Operator.

v1.0.2

Final Security Response: v1.0.2 (Supply Chain & Data-at-Rest Hardening) 1. Supply Chain Removed: Eradicated ALL instances of `curl | bash` installation scripts from the manifest and documentation. Users are now strictly required to manually download and hash-verify upstream releases from GitHub. We accept zero supply chain risks. 2. Data-at-Rest Vulnerability Addressed: Elevated the notification regarding plain JSON snapshots from a 'Privacy Note' to a full 'Data-at-Rest Vulnerability' warning. Explicit instructions mandate strict `chmod 700` isolation and routine purge cycles for the local inbox. 3. Decoupled from Sudo: Removed all requirements or examples using `sudo` for Gateway IP Bridging. The Skill strictly operates in user space on high ports (>1024) and explicitly declares "NO root/sudo required" in the manifest's system_privileges declaration.

v1.0.1

Security Update: v1.0.1 (Audit Feedback Addressed) 1. Provenance & Installation: Removed blind `curl | bash` instructions in favor of safe download-and-audit steps. Clarified ownership boundary between OpenClaw integration layer and Upstream TeoSlayer/pilotprotocol daemon. 2. Snapshot Security: Explicitly documented JSON snapshot persistence risks in manifest and docs. Added `chmod 700` hardening requirements for the agent inbox to protect sensitive session data. 3. Network Transparency: Formally declared the default Rendezvous Registry (TCP :9000) operator and documented self-hosting paths for strict-privacy deployments.

v1.0.0

Initial public release. An Agent Swarm network layer for context snapshot/restore, pubsub event-driven collaboration, and P2P direct messaging between agents. Powered by Pilot Protocol by TeoSlayer.

Metadata

Slug agent-swarm-network

Version 1.0.6

License —

All-time Installs 1

Active Installs 1

Total Versions 7

Frequently Asked Questions

What is Agent Swarm Network?

Agent communication protocol skill. Provides: inter-agent messaging, context snapshot/restore, event-driven collaboration, model dispatch notifications, sub-... It is an AI Agent Skill for Claude Code / OpenClaw, with 507 downloads so far.

How do I install Agent Swarm Network?

Run "/install agent-swarm-network" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Swarm Network free?

Yes, Agent Swarm Network is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agent Swarm Network support?

Agent Swarm Network is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Swarm Network?

It is built and maintained by KELIHAO (@sarahmirrand001-oss); the current version is v1.0.6.

More Skills

Agent Swarm Network