Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cerbug45 - Encrypted Agent Communication

v0.1.0

Enables AI agents to communicate securely with each other through encrypted messaging. Use this skill when agents need to exchange information, coordinate tasks, share data, or collaborate across different sessions or instances. Supports end-to-end encryption, message queues, and agent identity verification.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md describes an encrypted agent messaging system (keypairs, E2E encryption, queues) which is consistent with the name/description. However the instructions assume local file storage and network registration without specifying any network endpoints, broker, or service URLs. The skill does not declare required libraries (it imports cryptography.*) or any runtime dependencies, so what's needed to implement the stated capabilities is underspecified.
! Instruction Scope
The runtime instructions include concrete Python code that generates RSA keys and writes identity.json to /home/claude/.clawhub, and describe message queuing/persistence. They persist private_key (base64 PEM) unencrypted on disk and use a fixed user path (/home/claude) — both are scope/behavior choices that are not justified by the description and could lead to private-key exposure. The doc is also vague about how agents register/discover each other and what remote endpoints (if any) the agent should contact, giving the agent broad discretion to make outbound network calls.
! Install Mechanism
This is an instruction-only skill with no install spec (low surface for arbitrary downloads). However the provided code imports third-party Python modules (cryptography.hazmat.*) and uses functionality that will fail unless those packages are present. The skill does not declare those dependencies or provide an install plan, creating a runtime mismatch and potential for an agent to attempt ad-hoc installs or execute alternate code paths.
! Credentials
The skill declares no required environment variables or credentials, yet the instructions persist long-lived private keys and expect network registration; if network registration were required it might need API keys or endpoints, but none are declared. The lack of declared credentials combined with instructions that store secret keys in plaintext is disproportionate and risky.
! Persistence & Privilege
The skill writes persistent data (identity.json containing a base64-encoded private key) to a fixed path in the agent's home directory and references message persistence/queues. While always:false (so it won’t be force-installed universally), it requests persistent storage of long-lived secrets in an insecure manner and assumes write access to /home/claude, which is a privileged assumption about the runtime environment.
What to consider before installing
This skill is plausible as an encrypted agent-messaging design, but it contains several red flags and missing pieces you should resolve before installing or running it:
- Missing dependency declarations: The SKILL.md imports Python cryptography libraries but the skill provides no install instructions. Ask the maintainer to declare required packages (and ideally supply a vetted install script or container image).
- Plaintext private key persistence: The example stores the agent's private key base64-encoded in /home/claude/.clawhub/identity.json without encryption or OS keyring usage. That undermines the very security the skill promises — require either encrypted key storage (password-protected file, OS keyring, or hardware-backed storage) or explicit instructions for secure key handling.
- Hard-coded filesystem path: The code writes to /home/claude/.clawhub, assuming a specific user layout. Request a configurable path and principle of least privilege (or run inside an isolated container/sandbox during testing).
- Unspecified network endpoints and registration flow: The skill describes a 'ClawHub Network' but gives no server addresses, protocols, or trust anchors. Ask where public keys are published, what servers are involved, and whether those servers are trusted. Without this, the agent may attempt arbitrary outbound connections.
- Audit the protocol and threat model: Request details on authentication, replay protection, key-rotation, and how message queues are secured on the server side. Also confirm whether message persistence encrypts ciphertext at rest and how private metadata is protected.

If you still want to test it: run in a restricted sandbox/container, do not use real secrets or real agent accounts, and require the author to provide clearer dependency/install steps and secure key storage before using it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk972en8hkksgxxgz94vrcq7nb580ydhz
