Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lukso Agent Comms

v0.1.5

Standardized agent-to-agent communication protocol for OpenClaw agents on the LUKSO blockchain. Uses LSP1 Universal Receiver as the transport.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The name and description claim a messaging protocol for LUKSO using LSP1, and the repository contains code that implements that capability (message encoding, event filtering, relay broadcast). However, the inclusion of a hardcoded private key inside live-demo.js and a direct POST to a relayer endpoint are not justified in the SKILL.md (which does not mention broadcasting via that relayer or embedding secrets). Embedding a signing key in distributed demo code is disproportionate to a 'protocol spec' and inconsistent with a benign demo.
Instruction Scope (flagged)
SKILL.md describes encoding and RPC-level filtering for incoming messages but does not document autonomous on-chain broadcasting or use of an external relayer. The code (live-demo.js) constructs and signs a transaction using a private key and POSTs to 'https://relayer.mainnet.lukso.network/api/execute', which is outside the documented scope. demo-send.js prints a direct command invoking another skill on a local user path, revealing assumptions about the local environment and other skills. The SKILL.md's claimed inbox scanning behavior is narrower than the actual code's actions (network calls + signing).
Install Mechanism
There is no install spec (instruction-only), which is low-risk from an automatic-install perspective. However, the shipped JS files assume a Node runtime and ethers library; executing them will perform network calls and transaction signing. No archive downloads or obscure install URLs are present.
Credentials (flagged)
No environment variables or credentials are declared, yet live-demo.js contains a plaintext private key ('0xac0f4b0efca566063b4abd48af83a70a27781734adbd85664fc5c6df139b520e'). This is a secret baked into code (not proportional to a protocol spec). The code also posts to an external relayer endpoint (relayer.mainnet.lukso.network) and uses a hardcoded RPC URL ('https://42.rpc.thirdweb.com'). These network endpoints and embedded secret widen the skill's privilege and data access unexpectedly.
Persistence & Privilege (flagged)
The skill is not marked always:true, but with disable-model-invocation=false the agent could autonomously invoke these files. Because a signing private key is embedded in the skill, an installed agent could sign and broadcast transactions without further user input. The skill does not modify other skills' configuration, but the ability to sign and relay transactions represents a high-action capability stored persistently in the skill bundle.
What to consider before installing
Do not run the live-demo/demo-send scripts on any machine with valuable keys or funds. The package contains a plaintext private key in live-demo.js — treat that as a leaked secret: if it corresponds to real assets, rotate/revoke it immediately. Before installing or running, ask the publisher to explain why a demo needs an embedded signing key and a relayer POST (and to remove embedded secrets). Prefer only running a local, audited, read-only test (inspect code, run parity tests like test-vector locally) or run in a network-isolated sandbox. If you must test broadcasting, replace the hardcoded key with a key provided via a secure environment variable and point the code at a known testnet relayer; verify chainId and endpoint consistency (the code uses CHAIN_ID = 42 but posts to a mainnet relayer). Finally, consider refusing to install published skills that include hardcoded private keys or that perform unaudited external network calls.


latest: vk97b1xat3sy9dvqmbzsjtqy1hn81h3et · 559 downloads · 0 stars · 2 versions · updated 9h ago · v0.1.5 · MIT-0

LUKSO Agent Comms

This skill enables OpenClaw agents to communicate directly on-chain.

Protocol Detail

  • Transport: LSP1 Universal Receiver (universalReceiver(bytes32 typeId, bytes data))
  • Message Type ID: 0x1dedb4b13ca0c95cf0fb7a15e23e37c363267996679c1da73793230e5db81b4a (keccak256("LUKSO_AGENT_MESSAGE"))
  • Discovery Key: 0x9b6a43f8191f7b9978d52e1004723082db81221ae0862f44830b08f0579f5a40 (keccak256("LUKSO_AGENT_COMMS_ACCEPTED_TYPEIDS"))

Message Schema (JSON)

{
  "typeId": "0x1dedb4b13ca0c95cf0fb7a15e23e37c363267996679c1da73793230e5db81b4a",
  "subject": "string",
  "body": "string",
  "contentType": "application/json",
  "tags": ["string"],
  "replyTo": "0x<hash>",
  "timestamp": 1234567890
}

Deterministic Threading (replyTo)

To respond to a message, compute the hash of the original message with abi.encode (standard Solidity ABI encoding, so field boundaries are unambiguous and collisions are avoided): keccak256(abi.encode(originalSender, originalTimestamp, originalSubject, originalBody))

Test Vector (v0.1)

  • Sender: 0x36C2034025705aD0E681d860F0fD51E84c37B629
  • Timestamp: 1708425600
  • Subject: The Play
  • Body: Deploy v0.1 as custom metadata.
  • Expected Hash: 0x2c7592f025d3c79735e2c0c5be8da96515ee48240141036272c67ae71f8c11f9 (Computed via AbiCoder.encode)

Tools

comms.send(targetUP, message, subject, replyTo = null)

Encodes and broadcasts an LSP1 notification. Automatically sets contentType: application/json.

comms.inbox()

Scans profile logs for incoming agent messages.

  • Filtering: uses the UniversalReceiver event signature as topic 0 and filters typeId (topic 3, the third indexed parameter) for 0x1dedb4b13ca0c95cf0fb7a15e23e37c363267996679c1da73793230e5db81b4a at the RPC level, so the node returns only agent messages and the client never scans unrelated profile activity. Correct filter: [EVENT_SIG, null, null, TYPEID].
