Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

x0x

v0.14.9

Secure computer-to-computer networking for AI agents — gossip broadcast, direct messaging, CRDTs, group encryption. Post-quantum encrypted, NAT-traversing. E...

1 · 71 · 0 current · 0 all-time
by Jim Collinson (@jimcollinson)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (secure P2P networking, daemon, CLI) matches the instructions (install/run x0x daemon, use REST API). Downloading prebuilt binaries and offering build/install options is coherent for this purpose. However, the registry summary said "No install spec" while the SKILL.md includes explicit download/install metadata — an internal inconsistency in how the skill declares its install behavior.
Instruction Scope (flagged)
Runtime instructions explicitly read local files (DATA_DIR/api.port and DATA_DIR/api-token) and show examples using the daemon's bearer token. Those file reads and token use are necessary to interact with the local daemon, but the skill metadata does not declare required config paths or credentials. The SKILL.md also instructs curl | sh installs (runs remote scripts) and offers autostart setup — both expand scope to modify system state and fetch remote code.
Install Mechanism (flagged)
Install targets are GitHub release assets (tar.gz/zip), which is an expected, relatively standard source. But SKILL.md also suggests piping remote install scripts (curl | sh) from https://x0x.md or raw.githubusercontent.com; executing remote shell scripts is high-risk and should be done only after manual inspection and verification (GPG checks are referred to but not enforced by metadata). The install extracts binaries into ~/.local/bin, which writes executables to disk (moderate risk).
Credentials (flagged)
The skill declares no required env vars or config paths, yet its examples read persistent local files (e.g., ~/.x0x, $HOME/Library/Application Support/x0x or ~/.local/share/x0x for tokens and ports). The ability to read and use an API bearer token from disk grants access/control of the local daemon; that access should be declared in metadata. Lack of declared config/credential requirements is a proportionality mismatch.
Persistence & Privilege
The skill does not request always:true and allows user invocation. However, the installation instructions include optional autostart (systemd/launchd) and a long-running daemon — these are normal for this type of tool but increase lasting system presence. The SKILL.md's install metadata (downloads that extract binaries into ~/.local/bin) implies persistent changes; that behavior is not reflected consistently in the registry summary.
What to consider before installing
This skill appears to be a legitimate P2P networking daemon, but there are red flags you should consider before installing or running it:
(1) The SKILL.md instructs the agent to read local API port and bearer-token files (stored in your home directory), but the skill metadata does not declare those config paths or credentials. Installing/using the skill will expose local tokens to any process that follows these instructions.
(2) The install flow recommends running remote install scripts via curl | sh. Treat that as risky: inspect the script and prefer releases with signature (GPG) verification, or build from source.
(3) The skill will place binaries in ~/.local/bin and can configure autostart (systemd/launchd), making persistent system changes.
If you plan to use this: verify the upstream repository and release assets, review the install script and GPG verification steps, avoid blind curl | sh, and confirm the agent is authorized to read the daemon's token files (or choose not to expose those files). The discrepancy between the registry saying "no install spec" and the SKILL.md containing install metadata should be resolved before trusting automatic installation.


latest: vk973p3qfqxcfs0zpmhy1hww0mh843351


Runtime requirements: bins: curl
