ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lobster Comm

v1.1.0

Bot-to-Bot P2P communication over Tailscale using the LCP/1.1 UDP protocol. Enables AI agents on different machines to exchange signed, reliable messages in...

1· 45·0 current·0 all-time
by@jeffchang2024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The code and SKILL.md align: it implements a UDP-based P2P protocol over Tailscale, uses Ed25519 signing (PyNaCl listed), and provides IPC tools for send/check/ack/status. The declared prerequisites (Python, PyNaCl, Tailscale, UDP port) match the implemented behavior.
!
Instruction Scope
Instructions ask the user to edit lcp_node.py to set IPs, start the daemon, and optionally auto-start it. That's expected, but the runtime behavior includes an unauthenticated local IPC (Unix socket or TCP localhost) that accepts SEND/CHECK/ACK/STATUS commands and will sign and transmit arbitrary payloads on behalf of the node. The daemon stores keys and message files on disk and binds UDP to 0.0.0.0:9528 (not restricted to the Tailscale interface), which can expose the service if network/firewall rules are not strict.
Install Mechanism
There is no install script; the skill is instruction + code files. Dependencies are standard (PyNaCl) and users are asked to pip install it. No remote downloads or archive extraction are present in the manifest.
Credentials
The skill requests no environment variables or external credentials (good). However it generates and stores an Ed25519 seed/private-key file (keys/identity.pem) on first run with no encryption or explicit file-permission hardening. Local files (data/, keys/) and the IPC socket are created with default permissions — these are sensitive artifacts and require proper protection.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and uses standard daemon/autostart suggestions. Autostart is optional and left to the user. No unexpected platform-wide modifications are present in the provided files.
What to consider before installing
This skill appears to do what it claims (P2P messaging over UDP/Tailscale) but has local security weaknesses you should consider before installing on any machine you care about: - Local IPC is unauthenticated: the daemon listens on a Unix socket (macOS/Linux) or localhost TCP (Windows) and accepts SEND commands which the daemon will sign and forward. Any local process or user that can connect to that socket can cause the node to sign and send arbitrary messages (effectively acting as the local agent). Run the daemon as a dedicated, low-privilege user and restrict access to the socket (filesystem permissions or localhost firewall rules). - Private key stored unencrypted: the Ed25519 seed is written to keys/identity.pem with no explicit permission hardening. Make sure the key file is only readable by the dedicated user (chmod 600) and, if needed, store keys in a secure store rather than plaintext on disk. - Network exposure: the daemon binds UDP to 0.0.0.0:9528. If host firewall or routing permits, that port could be reached from non-Tailscale networks. Prefer binding to the node's Tailscale interface IP (change binding target) or enforce firewall rules so only the Tailnet can reach the port. - Impersonation nuance: IPC clients can include arbitrary payload fields (including 'from') — the daemon will sign the payload and transmit it. Message recipients relying solely on the 'from' field without mapping it to the sender's public key may be misled. Ensure peers validate the public key-to-identity mapping (TOFU or pre-shared pubkeys) and that you understand the trust model. - File permissions and discovery: message inbox/outbox and seen_ids.json are stored on disk. Review and harden directory permissions and consider placing the skill in an isolated directory or container. Recommended mitigations before use: - Run in an isolated environment (container / VM) for initial testing. - Create a dedicated user account for the daemon and set restrictive file permissions (umask, chmod 600 for key files, restrict data/ and keys/ directories). - Restrict IPC access (filesystem ACLs or bind TCP to 127.0.0.1 and use OS-level firewall rules) and consider adding authentication to the IPC protocol. - Change UDP bind to the specific Tailscale IP instead of 0.0.0.0 or add firewall rules limiting source addresses to the Tailnet. - Review and, if necessary, harden the code: require IPC authentication, encrypt keys at rest, and make auto-start optional until you trust the deployment. If you cannot apply these mitigations, treat the skill as potentially risky for production or multi-user hosts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a57ez57ftwbatycmq65g4xs83rsg3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments