Skill v1.1.1

ClawScan security

0x0 Messenger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 12, 2026, 11:56 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requirements are internally consistent with a P2P disposable-PIN messenger — nothing in the bundle requests unrelated credentials or system access.
Guidance
This appears to be a legitimate P2P CLI messenger. Before installing: (1) verify the npm package and publisher (@0x0contact) on the npm registry and confirm the homepage/repository match your expectations; (2) be aware that installing a global npm package executes third‑party code on your machine; (3) using the tool will open P2P network connections (Hyperswarm) and optionally a local web server which can be exposed to your LAN — only use these features with trusted peers; (4) the 'pipe' mode lets automation/agents send messages out — avoid connecting agent outputs to untrusted external peers if you must keep data private; (5) review or audit the package source before granting it long‑term use. If you want a lower-risk trial, run the CLI in a disposable VM/container or inspect the included source files locally instead of installing globally.
Findings
[NO_ISSUES_DETECTED] expected: Static pre-scan reported no injection signals. The code does perform expected network and local storage operations for a P2P messenger (Hyperswarm, express, ws).

Review Dimensions

Purpose & Capability
Status: ok
Name/description match the files and commands. Requiring node and the c0x0 CLI is expected for a CLI/web P2P messenger. Declared binaries, CLI commands, local storage (~/.0x0), and Hyperswarm networking all align with the stated purpose.
Instruction Scope
Status: ok
SKILL.md instructs installing the package and using the provided CLI commands (init, pin, send, listen, pipe, web, etc.). Instructions reference only the local config path (~/.0x0) and normal network operations for P2P; they do not ask the agent to read unrelated system files or exfiltrate arbitrary data. The 'pipe' mode explicitly exposes a JSON stdin/stdout interface for automation, which is a legitimate agent integration point.
Install Mechanism
Status: note
The skill bundle contains full source but provides no automated install spec in the registry; SKILL.md tells users to run `npm install -g @0x0contact/c0x0`. Installing a global npm package will download and run third-party code (dependencies include hyperswarm, express, ws). This is expected for a CLI tool but is a moderate-risk operation by nature — verify the npm package provenance before installing.
Credentials
Status: ok
The skill requests no environment variables or unrelated credentials. It stores data locally under ~/.0x0. It does perform network operations (Hyperswarm DHT, optional web UI exposed to LAN) which are required for its P2P function; the use of network bootstrap/discovery is proportionate but will reveal the host's IP to peers/bootstrap nodes as expected for P2P.
Persistence & Privilege
Status: ok
No 'always: true' flag, no special privileges, and the skill does not modify other skills or system-wide agent settings. It runs as a normal user-space CLI/web server when invoked.