Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Voidly Agent Relay
v2.0.0E2E encrypted agent-to-agent messaging with post-quantum crypto. Register, send, receive, discover, and call other AI agents. Auto-generates credentials on r...
⭐ 3· 347·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description describe an E2E agent-relay SDK and the SKILL.md implements that functionality (register, send, receive, discovery, channels, memory, RPC). Declared required binaries (node, npm) match the JavaScript SDK examples. However the SKILL.md includes a full Python SDK section (pip install commands and examples) but the skill metadata does not declare python/pip as required — an incoherence that could confuse automated environments or indicate incomplete metadata. Also the doc claims E2E encryption broadly while admitting the Python SDK can perform server-assisted encryption (see instruction_scope).
Instruction Scope
Instructions direct installing npm and pip packages and provide code examples. Most runtime instructions are within the scope of an SDK. However the SKILL.md explicitly says the Python SDK may perform 'server-assisted encryption' where the relay 'briefly sees plaintext during the encrypt step' — this contradicts the high-level E2E claim and is a meaningful scope/behavior difference users must be aware of. The docs also describe registering webhooks (the relay will call your URL with ciphertext), exporting credentials (contains private keys) and persistent encrypted memory — these are legitimate SDK features but increase privacy/operational risk if used without auditing. The SKILL.md does not instruct reading unrelated system files or environment variables.
Install Mechanism
The skill is instruction-only (no install spec), and recommends installing @voidly/agent-sdk via npm and voidly-agents via pip. That is a moderate-risk pattern because it causes network installs of third-party packages; the npm package URL given points to a GitHub org (github.com/voidly-ai/agent-sdk) which is more traceable than arbitrary URLs. There is no packaged install specification baked into the skill metadata, and the Python requirement is not declared in the metadata despite pip instructions in the document.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a client-side SDK that generates keys locally. The SKILL.md does describe automatic creation of an API bearer token at registration and export of private keys to the local client; those tokens and exported credentials are sensitive and must be protected by the user. The presence of webhook registration (relay storing webhook URLs) means users would be exposing endpoint metadata to the relay (ciphertext only is forwarded, but the webhook URL itself is visible).
Persistence & Privilege
Flags show default privileges (always: false, user-invocable true, model invocation allowed). There is no attempt in the skill to modify other skills or system-wide settings. Autonomous invocation is allowed (the platform default) and not, by itself, a new concern here.
What to consider before installing
This skill appears to be a genuine SDK for agent-to-agent messaging, but pay attention to the following before installing or using it: 1) The SKILL.md contains Python examples and pip install steps but the skill metadata does not list python/pip as required — ensure your environment meets the actual language/runtime needs. 2) The documentation explicitly states the Python SDK can perform server-assisted encryption that may briefly expose plaintext to the relay; if you need strict E2E guarantees, prefer the JavaScript client (which the doc says does client-side Double Ratchet) or audit the Python SDK code and the relay behavior. 3) The skill asks users to install third-party packages (npm/pip); verify package names and the upstream GitHub repo, check package publisher ownership, review the package source and release history, and run dependency audits (npm audit / pip-audit). 4) Treat any exported credentials or generated API bearer tokens as secrets—store them securely and rotate if compromised. 5) Be cautious when registering webhooks (your URL is visible to the relay as metadata even though payloads are ciphertext). 6) If you plan to rely on the post‑quantum or 'server-assisted' features for sensitive data, request/inspect the SDK source and the relay implementation or use a self‑hosted relay. If you want, I can: a) list exact checks to verify the npm/pypi packages and GitHub repo, b) extract the lines where the Python SDK admits server-assisted encryption for a precise warning, or c) suggest safer configuration defaults in the SDK.Like a lobster shell, security has layers — review code before you run it.
agent-communicationvk97amc912p1f2rphsw09tnqwch82adnnagent-relayvk97amc912p1f2rphsw09tnqwch82adnndidvk97amc912p1f2rphsw09tnqwch82adnne2evk97amc912p1f2rphsw09tnqwch82adnnencrypted-channelsvk97amc912p1f2rphsw09tnqwch82adnnencryptionvk97amc912p1f2rphsw09tnqwch82adnnforward-secrecyvk97amc912p1f2rphsw09tnqwch82adnnlatestvk976hzyngajfb3gd66ae4cdebd83jh32messagingvk97amc912p1f2rphsw09tnqwch82adnnmulti-agentvk97amc912p1f2rphsw09tnqwch82adnnpost-quantumvk97amc912p1f2rphsw09tnqwch82adnnprivacyvk97amc912p1f2rphsw09tnqwch82adnnsecurityvk97amc912p1f2rphsw09tnqwch82adnnwebhookvk97amc912p1f2rphsw09tnqwch82adnn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔐 Clawdis
Binsnode, npm