AgentMesh
WarnAudited by ClawScan on May 10, 2026.
Overview
AgentMesh appears to be a real encrypted agent-messaging library, but its network hub and security claims need review before using it for sensitive agent communication.
Review carefully before installing. For local demos this looks purpose-aligned, but for real multi-agent or multi-machine use you should verify the source, protect key files, avoid exposing the hub publicly, add authentication and peer fingerprint verification, and not rely on the advertised forward-secrecy guarantees without a cryptographic review.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach the hub may be able to register or overwrite agent identities, enumerate agents, route unwanted envelopes, or disrupt identity discovery even if message contents are encrypted.
The network hub binds broadly by default and accepts agent registration, bundle publication, and agent listing from any connected client, with no visible authentication or access control.
def __init__(self, host: str = "0.0.0.0", port: int = 7700): ... if cmd == "REGISTER": ... self._bundles[agent_id] = msg["bundle"] ... elif cmd == "LIST_AGENTS": ... agents = list(self._bundles.keys())
Use network mode only on a trusted/private network or behind a firewall, bind to localhost unless needed, and add authentication, authorization, TLS/server identity, and peer key pinning before relying on it.
A user may believe past messages remain protected after key compromise, when the implementation appears to rely on stored/static exchange keys rather than enforced ephemeral ratcheting.
The visible key exchange derives sessions from the agent's long-lived exchange key, while the documentation claims forward secrecy from ephemeral session keys. This makes the security posture appear stronger than the code supports.
self.exchange_private = exchange_private or X25519PrivateKey.generate() ... raw_shared = my_keypair.exchange_private.exchange(their_exchange_pub)
Treat the forward-secrecy and 'impersonation impossible' claims as unverified; require an independent cryptographic review and update the documentation or implementation before handling high-sensitivity traffic.
If the key file is exposed, another process or user may be able to impersonate that agent identity.
The skill clearly discloses optional persistent identity keys and warns that the file contains private key material.
alice = Agent("alice", hub=hub, keypair_path=".keys/alice.json") ... Store this file securely – it contains the private key.Store key files outside shared folders, restrict file permissions, back them up carefully, and rotate identities if a key file may have been exposed.
A future install could fetch code that differs from the reviewed artifact snapshot.
The recommended installation pulls code directly from a mutable GitHub source rather than a pinned commit or verified package release.
pip install git+https://github.com/cerbug45/AgentMesh.git
Pin a commit hash or trusted release, verify the repository owner, and review dependency versions before installing.