Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Agent Mesh
v1.0.0Peer discovery and agent-to-agent communication for OpenClaw instances. Use when the user wants nearby OpenClaw nodes to discover each other, request contact...
⭐ 0· 185·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name, description, SKILL.md, and code are coherent: the scripts implement identity, discovery, contact requests, approval, and signed direct messages over HTTP as claimed. However the code depends on the 'openssl' CLI for key operations while the skill metadata lists no required binaries — that's an undeclared dependency and mismatch the user should know about.
Instruction Scope
Runtime instructions and server endpoints match the code, but the server accepts arbitrary JSON posts and the mesh code uses sender-supplied request_id and message_id values directly when constructing filenames (e.g., save_json(REQ_IN_DIR / f"{payload['request_id']}.json")). That enables directory traversal or absolute-path file writes if a malicious peer crafts request_id/message_id values. The SKILL.md guardrails (reject malformed messages, require approval before trusting) do not prevent this filesystem-write issue for incoming contact requests, because contact requests are saved prior to any trust relationship and rely on sender-controlled fields.
Install Mechanism
No install spec (instruction-only plus included scripts). Nothing is downloaded or written at install time by a package manager. This is lower risk than arbitrary install scripts, but you still execute bundled scripts at runtime.
Credentials
The skill declares no required environment variables or credentials, which matches its local peer-to-peer purpose. However it does use and set OPENCLAW_AGENT_MESH_DIR at runtime and expects an 'openssl' binary on PATH; the missing declaration of openssl is a proportionality/consistency issue. The skill also suggests binding an HTTP server (possibly 0.0.0.0) and probing network endpoints — network access is expected but increases attack surface.
Persistence & Privilege
The skill persists state under a user-writable directory (~/.openclaw/agent-mesh by default) and does not request always:true or system-wide config changes. However the ability to write arbitrary files (see instruction_scope) elevates the effective write capability beyond the intended per-skill state directory.
What to consider before installing
This skill implements the described mesh functionality, but it contains a serious implementation issue: it constructs filenames using sender-controlled fields (request_id, message_id) without sanitization. A remote peer that sends a specially crafted contact request could cause the service to write files outside the intended state directory (including absolute paths), enabling arbitrary file writes as the user running the server. Before installing or running the server, consider: 1) Do not run the server on public/untrusted networks; restrict binding to localhost or a trusted interface. 2) Do not run the server as a privileged user — run under a dedicated low-privilege account. 3) Require the maintainer to fix the code: validate/sanitize request_id and message_id (allow only safe characters like [A-Za-z0-9_.-], ban path separators and leading slashes), and avoid using unsanitized payload fields as path components. 4) Ensure 'openssl' is present and trusted (skill relies on it though it's not declared). 5) Consider running the scripts in a sandbox or container and review all incoming payload handling. If you cannot get a patched version that sanitizes filenames, treat the skill as unsafe to expose to untrusted peers.Like a lobster shell, security has layers — review code before you run it.
latestvk979f5dhpmjz0rnm25trxf6b3582sn9y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.