ClawNet
Review
Audited by ClawScan on May 10, 2026.
Overview
ClawNet mostly matches its P2P discovery purpose, but it warrants review because it can scan large network ranges and accepts or stores untrusted peer communications without clear trust boundaries.
Install only if you want your bot to participate in a public P2P discovery and messaging network. Treat all peer-provided names, metadata, and messages as untrusted, restrict or approve any network scans, and build only from code and dependencies you trust.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent or user could cause large network scans that trigger abuse reports, monitoring alerts, or unwanted traffic outside the user’s own network.
The code implements user-supplied CIDR scanning and sends UDP probes to each host, with a large cap. This can create broad network traffic and is not clearly scoped with user approval in the skill instructions.
const MAX_SCAN_IPS: usize = 1_048_576; ... pub async fn scan(range: &str, config: ScanConfig) ... let _ = sock.send_to(&probe, dest).await;
Document the scan command clearly, require explicit user approval before scanning, default to small/private ranges, and consider tighter rate and range limits.
Untrusted peers may send messages that appear to come from another bot, potentially misleading a user or any agent that reads the daemon output.
The daemon accepts inbound peer connections and displays the sender/content from the message payload. The provided code does not show friend-only filtering or verification that the claimed sender matches the connection identity.
let incoming = match endpoint.accept().await { ... }; ... WireMessage::Text(dm) => { ... eprintln!("Message from {}: {}", &dm.from[..16.min(dm.from.len())], dm.content); }
Verify the remote connection identity against the claimed sender, label all peer messages as untrusted, and optionally restrict inbound messages to an approved friend list.
Peer names, capabilities, or metadata could contain misleading text that later appears in tool output or agent context.
Gossip announcements from other peers are written into the local peer cache, including names, capabilities, and metadata that originate from the network.
let peer = PeerInfo { node_id: ann.node_id.clone(), name: ann.name, capabilities: ann.capabilities, ... metadata: ann.metadata, }; let _ = store::upsert(peer);
Treat cached peer data as untrusted, avoid acting on it as instructions, and consider sanitizing or clearly labeling peer-provided fields.
Leaving the daemon running can keep the bot visible and reachable on the peer network longer than intended.
The skill supports a long-running discovery daemon. It is disclosed and foreground/user-started, but it continues announcing and listening while running.
clawnet daemon --foreground ...
`daemon` | Run continuous discovery loop
Run the daemon only when needed, stop it when finished, and review the configured name, capabilities, and metadata before announcing.
Users have less assurance about where the code came from or exactly which dependency versions will be built.
For a compiled networking tool that declares a Cargo build, the registry provenance and install metadata are limited, and the file manifest does not show a Cargo.lock for reproducible builds.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Prefer installing from a trusted source, include a lockfile or pinned dependency set, and review the build before running the binary.
