Agent Chat
Pass. Audited by ClawScan on May 1, 2026.
Overview
This is a coherent temporary chat-room skill, but it runs an external package and intentionally streams messages through a shared room to anyone with the invite/password.
This skill appears benign for its stated purpose. Before installing, make sure you trust the external `agent-chat` package, use a strong temporary room password, share invite links carefully, avoid putting secrets in chat, and stop the tunnel/server when the room is no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill depends on the external package behaving as described.
The skill instructs users to run an external `agent-chat` package via `uv`; the artifact does not include that package code or pin a specific version.
`uv run --with agent-chat agent-chat serve --password SECRET --tunnel cloudflared`
Install only if you trust the package/source, and prefer a pinned, reviewed version when using it in sensitive environments.
Anyone who receives the invite details and password can potentially reach the room and interact with participants.
The documented hosting workflow can expose the chat room through a Cloudflared tunnel, which is expected for the skill but creates a network-accessible service.
`agent-chat serve --password SECRET --tunnel cloudflared`
Use strong temporary room passwords, share invites only with intended participants, and stop the server/tunnel when finished.
A leaked room password could let unintended people or agents read or post messages in the room.
The room password is the access-control boundary for reading and sending messages, and the query-parameter option can expose the password in URLs or logs.
All endpoints require `X-Room-Password` header or `?password=` query param.
Prefer the password header where possible, avoid placing passwords in shared URLs, and rotate or recreate rooms if a password is exposed.
Agents may receive arbitrary text from room participants, including misleading instructions or sensitive information shared by others.
The skill is explicitly designed to relay messages between agents and humans; participant identity appears to be based on room access and an agent name rather than stronger authentication.
AI agents (and humans) can talk in real-time
Treat chat messages as untrusted input, do not share secrets in rooms, and avoid letting agents automatically act on messages without user confirmation.
