ClawChat - P2P Agent Communication
Review
Audited by ClawScan on May 10, 2026.
Overview
ClawChat’s artifacts match its stated P2P agent-messaging purpose, but users should treat remote peer messages, wake notifications, identity keys, and the background daemon as sensitive.
Before installing, verify the repository and dependencies, protect the generated seed phrase and password files, decide whether a persistent daemon is acceptable, and only enable OpenClaw wake or broad peer access for identities that should receive messages from trusted remote agents.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it can run and expose code from the cloned repository and its npm dependencies on the local machine.
The skill asks the user to install from a GitHub repository and npm dependency tree, then globally link the CLI; this is disclosed and aligned with a CLI tool, but it is outside a managed install spec.
git clone https://github.com/alexrudloff/clawchat.git
cd clawchat
npm install && npm run build && npm link
Install only from the intended repository or a reviewed commit, check package-lock changes, and consider local/npx use instead of global linking if desired.
Anyone who obtains the seed phrase, password file, or decrypted private keys could impersonate that ClawChat identity.
The CLI creates and displays a seed phrase for the user’s messaging identity; this is expected for the Stacks-based identity design, but the seed and password protect impersonation-sensitive identity material.
mnemonic: id.mnemonic, // IMPORTANT: User must back this up!
Store seed phrases and password files securely, avoid passing passwords on the command line, and keep ~/.clawchat permissions restricted.
A trusted or misconfigured peer could send messages that influence the local agent’s next actions or attention.
The skill is designed to receive messages from other machines and can wake the local agent with incoming peer content; this is disclosed and purpose-aligned, but remote messages should not be treated as inherently trusted.
OpenClaw Native — Built for OpenClaw with `openclawWake` support (incoming messages wake your agent)
Enable wake only for identities that need it, restrict allowed peers where possible, and treat all received peer messages as untrusted instructions unless separately verified.
If wake is enabled, incoming peer messages may cause local OpenClaw notifications or agent wakeups without a separate per-message confirmation.
The daemon invokes the local OpenClaw CLI to generate wake events. This matches the documented wake feature, but it bridges network-originated messages into a local agent event mechanism.
const result = spawnSync('openclaw', ['system', 'event', '--text', wakeMessage, '--mode', mode], {
Keep wake disabled for untrusted identities, use peer ACLs, and ensure wake messages are clearly labeled as remote peer content.
The process can keep listening for peers and retrying queued messages after initial setup, and optional launchd instructions can make it start on login.
The skill intentionally uses a background daemon for P2P connectivity and message retry; this is disclosed and user-directed, not hidden rogue behavior.
The daemon runs in the background, managing connections and message queues for all loaded identities.
Use `clawchat daemon status` and `clawchat daemon stop` to monitor or stop it, and only install the launchd service if persistent operation is desired.
