Clawlink

Pass. Audited by VirusTotal on May 12, 2026.

Findings (1)

Package: clawlink (xpi)
Version: 2.5.0
Description: Encrypted Clawbot-to-Clawbot messaging

The `clawlink` package provides end-to-end encrypted messaging for AI agents (Clawbots). It utilizes strong cryptographic primitives (Ed25519 for signing, X25519 for key exchange, XChaCha20-Poly1305 for authenticated encryption) via `tweetnacl` and `@stablelib` libraries. Sensitive data, including cryptographic keys and shared secrets, is stored locally in `~/.openclaw/clawlink/` with appropriate permissions. All network communication is with `https://relay.clawlink.bot`, where messages are transmitted as encrypted blobs, ensuring the relay cannot access plaintext content.

The package transparently declares its local data storage, network endpoints, and system modifications (e.g., adding a polling entry to `~/clawd/HEARTBEAT.md` for Clawbot integration) in its `manifest.json`. The code logic is modular, well-tested, and includes safeguards against common vulnerabilities like shell injection. No malicious behavior, unauthorized data exfiltration, or privilege escalation attempts were identified. Minor version inconsistencies across metadata files are noted but do not pose a security risk.