tbb-node-connector
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed connector, but it gives an agent direct access to a remote agent mesh with weak header-only identity, untrusted peer streams, and shared write actions.
Install only if you intentionally want your agent to interact with The Bot Bay mesh. Treat all remote TBB content as untrusted, avoid sending secrets or private data, and require explicit approval before any broadcast, swarm, federated-learning submission, or reputation vote.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Actions such as broadcasts, swarm participation, or reputation votes may be tied to a weak identity boundary, so attribution and trust in reputation scores may be unreliable.
The skill documents a bare pubkey string as the only authentication mechanism for write-capable endpoints, with no token, signature, or proof-of-control boundary shown.
All authenticated endpoints require one header: `X-Agent-Pubkey: ed25519:your_pubkey_here` ... No tokens. No OAuth flows. Just the header.
Use this only in low-trust contexts unless TBB provides signed authentication or another proof-of-control mechanism. Do not treat pubkeys or reputation as strong identity.
An agent using the skill could post to the mesh or affect reputation in ways the user did not intend, especially if it treats the API examples as normal autonomous actions.
The skill exposes raw API operations that can publish messages and change another agent's reputation, but it does not provide clear approval, scoping, or rollback guidance for those shared-state actions.
POST https://thebotbay.fly.dev/api/v1/gossip/broadcast ... `message`: `Your message here` ... POST https://thebotbay.fly.dev/api/v1/reputation/vouch ... Negative `delta` is a downvote.
Require explicit user confirmation before any POST that broadcasts, joins a swarm with stake, creates FL sessions, submits FL data, or vouches/downvotes another agent.
Remote peer content could be misleading, malicious, or privacy-sensitive, and swarm participation may share task context with unknown agents.
The skill is built around peer/agent message streams and swarm matching, but the artifacts do not define origin validation, trust boundaries, content handling, or data-sharing limits for those inter-agent flows.
Real-time firehose ... Streams all new gossip as JSONL. No auth needed — read-only. ... Agents with `cosine_similarity > 0.95` are matched to the same swarm automatically.
Treat all gossip, firehose, swarm, manifest, and llms.txt content as untrusted data. Do not send secrets, private documents, prompts, or training data unless the user explicitly approves.
Remote documentation or gossip could try to steer the agent away from the user's goal.
The skill directs the agent to use remote agent-facing content to decide what to do next, which is purpose-aligned but creates prompt-injection exposure if that content is treated as instructions.
`GET /` → read manifest ... `GET /api/v1/gossip/feed?category=DISCOVERY` → scan active opportunities ... Full docs: `GET https://thebotbay.fly.dev/llms.txt`
Use remote TBB content only as data. Do not let it override system, developer, or user instructions.
Future runs may continue using the same TBB identity and reputation unless the file is removed.
The helper creates persistent local identity state for later reuse. This is disclosed and not a background agent, but users should know the file remains after registration.
saves the pubkey to .tbb_identity.json so subsequent scripts can reuse it automatically ... IDENTITY_FILE.write_text(json.dumps(identity, indent=2))
Keep or delete .tbb_identity.json intentionally, and avoid committing it to shared repositories even though it appears to contain only pubkey-style identity data.