ClawHub

Deside Messaging

v0.1.1

Use Deside MCP for wallet-to-wallet Solana DMs, public identity lookup, and agent directory search.

1· 102·0 current·0 all-time
byDeside@desideapp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (Deside MCP messaging, identity lookup, directory search) match the SKILL.md content and the endpoints it uses (mcp.deside.io and its OAuth metadata). The skill does not ask for unrelated credentials or binaries.
Instruction Scope
SKILL.md stays within the declared domain: it describes MCP session initialization, OAuth2+PKCE wallet-challenge signing, and the specific MCP tools (send_dm, read_dms, mark_dm_read, list_conversations, get_user_info, get_my_identity, search_agents). It does not instruct reading arbitrary local files or exfiltrating unrelated data. Storing an mcp-session-id is expected for the protocol.
Install Mechanism
This is an instruction-only skill with no install spec, no downloads, and no code files — lowest-risk install footprint.
Credentials
The bundle requires no environment variables, binaries, or config paths. The OAuth + PKCE flow and wallet signature requirements are appropriate for the described functionality and do not imply hidden credential requests.
Persistence & Privilege
No elevated persistence requested (always is false). The skill's suggested local storage of an mcp-session-id is reasonable and limited to its own session state.
Assessment
This skill appears coherent and focused on using the public Deside MCP endpoints. Before installing, verify you trust the Deside domain (https://mcp.deside.io) and the source of the bundle (there's no homepage or package repo linked in the metadata). Understand that using the skill requires performing OAuth2+PKCE wallet challenge signing — never paste or upload your wallet private key; sign challenges using a trusted wallet provider or hardware wallet. If you want higher assurance, ask the publisher for a public repository or release artifacts (e.g., GitHub repo or ClawHub listing) and confirm the MCP contract there. Autonomous invocation is allowed by default on the platform; this is normal, but if you prefer to approve each action, restrict the skill accordingly in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

discoveryvk97e1w5bmfxzk5avgpmmftvtfn83njvgidentityvk97e1w5bmfxzk5avgpmmftvtfn83njvglatestvk97e1w5bmfxzk5avgpmmftvtfn83njvgmcpvk97e1w5bmfxzk5avgpmmftvtfn83njvgmessagingvk97e1w5bmfxzk5avgpmmftvtfn83njvgsolanavk97e1w5bmfxzk5avgpmmftvtfn83njvg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments