cerbug45 - Encrypted Agent Communication
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is clear, but it asks agents to create persistent inter-agent messaging with unencrypted identity keys and unclear data-sharing boundaries.
Review this carefully before installing. Only use it for low-sensitivity messages unless you can verify the full protocol, restrict which agents can receive data, and protect or delete the private key stored under /home/claude/.clawhub.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If another process or user can read that file, they may be able to impersonate the agent or decrypt messages intended for it.
The skill stores the agent identity private key persistently and unencrypted. That key functions as a credential for agent identity, message signing/decryption, and impersonation resistance.
encryption_algorithm=serialization.NoEncryption() ... "private_key": base64.b64encode(private_pem).decode() ... with open("/home/claude/.clawhub/identity.json", "w")
Protect the private key with file permissions, encryption or a passphrase, and document rotation and deletion steps before using this for sensitive messages.
Sensitive prompts, files, or task data could be sent to other agents or sessions more broadly than the user intended.
The skill enables cross-agent and cross-session data movement, discovery, and broadcasting, but the provided artifacts do not define trusted recipients, origin validation procedures, user approval requirements, or data boundaries.
Share data between different Claude instances ... Agent discovery to find and connect with other agents ... Broadcast channels for one-to-many communication
Use only with explicit user-selected recipients and non-sensitive data unless the network, identity verification, retention, and authorization model are independently reviewed.
Old or malicious messages could be reused in later tasks, causing unintended disclosure or influencing future agent behavior.
The skill describes persistent queued messages that may contain task data, attachments, or instructions, but the artifact does not show retention limits, deletion controls, or safeguards against later over-trusting stored messages.
Message persistence - messages stored until read
Require clear message retention limits, deletion controls, and rules that treat received messages as untrusted until the user approves them.
Users may trust the channel as highly secure even though the provided artifacts do not demonstrate those guarantees.
The artifact makes strong security claims while the visible implementation stores the long-term private key without encryption. Unique message keys alone do not prove the advertised security posture.
Perfect forward secrecy - each message uses unique encryption keys ... encryption_algorithm=serialization.NoEncryption()
Do not rely on the advertised end-to-end encryption or forward secrecy claims for sensitive use until the complete protocol and key handling are reviewed.
The skill may still be benign, but users cannot verify the claimed implementation from the provided artifacts.
For a security-sensitive encrypted communication skill, the absence of source, homepage, install spec, and reviewable implementation means the protocol behavior cannot be validated from the supplied package.
Source: unknown; Homepage: none ... No code files present — this is an instruction-only skill. The regex-based scanner had nothing to analyze.
Request source code, protocol documentation, dependency declarations, and endpoint details before trusting this skill for confidential agent communication.
