0x0 Messenger
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it says—P2P messaging—but users should treat incoming peer messages, stored chat history, and the optional LAN/web/listener modes carefully.
Install only if you want the agent to use this P2P messaging channel. Verify the npm package source, use expiring or one-time PINs for sensitive chats, revoke PINs when done, avoid --lan on untrusted networks, protect the backup seed phrase, and remember that message history is stored locally in ~/.0x0 unless you delete it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A peer message such as an approval or instruction could be mistaken for trusted authority if the user has not defined who controls the PIN and how senders are verified.
The stated purpose includes agent-to-agent and approval messaging, meaning remote peer content may enter an agent workflow.
For agent-to-agent messaging, approval flows, and notifications.
Use short-lived or one-time PINs for sensitive workflows, verify sender identity out of band, and do not treat public-PIN messages as authenticated approvals.
Untrusted or private messages may remain on disk and could influence later agent sessions if read back without context.
The messenger stores persistent local message history that can later be read back into the agent context.
Everything lives in `~/.0x0/` ... `messages/` # message history (per PIN)
Periodically delete or archive ~/.0x0 data if you need ephemeral messaging, and review message content before using it as task instructions.
If an agent or transcript exposes the seed phrase, someone else may be able to restore or impersonate the 0x0 identity.
The CLI includes a backup command that can display the seed phrase for the messenger identity.
.description('show 12-word seed phrase for your number')
Run the backup command only when intentionally exporting the identity, and keep the seed phrase out of shared logs, prompts, and screenshots.
On an untrusted network, other local-network devices may be able to reach the messenger web interface depending on its runtime controls.
The documented web UI can be exposed beyond localhost to the local network when the user chooses --lan.
c0x0 web --lan # expose on LAN (accessible from mobile on same WiFi)
Use the default localhost mode when possible, and enable --lan only on trusted networks for a clear mobile-access need.
A future or different npm package version could differ from the reviewed artifacts.
The skill relies on a user-run global npm install rather than an install spec pinned by the registry artifacts.
Install once: `npm install -g @0x0contact/c0x0` and `c0x0 init`
Install only from the expected npm package, verify the package/version if possible, and prefer pinned versions in controlled environments.
