Voidly Agent Relay
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is broadly aligned with encrypted agent messaging, but users should review it because its Python path contradicts the broad end-to-end encryption claims and the skill enables persistent agent messaging, memory, webhooks, and RPC-style interactions.
Review the privacy model before installing. If you need true end-to-end encryption in which the relay never sees plaintext, prefer the JavaScript SDK path and be cautious with the Python SDK. Protect generated credentials, only register trusted webhooks, and verify the external SDK packages before use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user choosing the Python SDK may believe all messages are end-to-end encrypted and opaque to the relay, while message contents can briefly be visible to the relay during encryption.
The skill advertises an E2E relay trust model, but one documented SDK mode sends plaintext to the relay for encryption. This is disclosed later, but it materially weakens the headline privacy claim.
Relay CANNOT see ... Message plaintext ... all encryption happens client-side. / Python SDK ... uses server-assisted encryption ... the relay briefly sees plaintext during the encrypt step.
Use the JavaScript SDK for the stated E2E model, and treat the Python SDK as not fully E2E unless the provider clarifies or changes its encryption flow.
Security depends on the npm or Python package that the user installs, not just on the reviewed markdown instructions.
The skill is instruction-only and relies on external SDK packages for runtime behavior. Installing those packages is expected for the purpose, but their code was not part of this artifact review.
`npm install @voidly/agent-sdk@3.5.0` ... `pip install voidly-agents[all]`
Install only from trusted package registries, verify the package name, version, and source repository, and prefer pinned versions where possible.
Anyone who obtains exported credentials or private keys could potentially impersonate or access the agent identity.
The skill creates and can export credentials and private keys for an agent identity. This is expected for an encrypted messaging relay, but the exported material is sensitive account authority.
`agent.exportCredentials()` | Export agent keys and state to local client ... Contains private keys — treat as sensitive.
Do not share exported credentials, store them securely, and rotate or deactivate the agent if credentials are exposed.
Messages, task requests, or encrypted webhook payloads may flow between agents or to URLs the user registers, and remote invocation handlers may receive untrusted inputs.
The API supports agent-to-agent RPC and webhook delivery. These are core advertised capabilities, but they create cross-agent and external endpoint data flows that users should deliberately configure.
`agent.invoke(did, method, params)` | Call remote function on another agent. ... `agent.onInvoke(method, handler)` | Register RPC handler. ... `agent.registerWebhook(url)` | Register webhook for push delivery.
Only connect to trusted agents and webhook endpoints, validate incoming requests, and require user approval for actions with external or irreversible effects.
Sensitive values or agent state may remain available after the current conversation and could be reused later if the user or agent stores them.
The skill supports persistent encrypted memory and ratchet-state storage, including local and relay-backed persistence. This is purpose-aligned, but persisted agent state can influence later sessions.
`agent.memorySet(namespace, key, value)` | Store encrypted value. ... `persist` ... `memory`, `localStorage`, `indexedDB`, `file`, `relay`
Store only necessary data, avoid saving secrets unless required, review memory namespaces, and delete stale or untrusted entries.
