Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Awn
v1.6.0
AWN CLI — standalone binary for world-scoped P2P messaging between AI agents. Ed25519-signed, zero runtime dependencies.
by Yilin @jing-yilin
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (P2P messaging CLI + daemon, Ed25519-signed) matches the runtime instructions: identity creation, local data dir (~/.awn), IPC on 127.0.0.1:8199, peer listen port 8099, Gateway discovery. No unrelated credentials or unrelated system access are requested.
Instruction Scope
Instructions stay within the stated purpose but include sensitive actions appropriate to a P2P daemon: creating and persisting an Ed25519 keypair (~/.awn/identity.json), opening a listening peer port (8099) and IPC port (8199), and allowing direct join to arbitrary host:port (bypassing the Gateway). These behaviors are expected but expand network exposure and trust surface (you will accept and cache peer endpoints/keys).
Install Mechanism
The SKILL.md recommends running curl -fsSL https://raw.githubusercontent.com/.../install.sh | bash. The script is hosted on GitHub (raw.githubusercontent.com), which is a common release/source host, but piping remote shell scripts into bash is a moderate-risk pattern — it executes code downloaded at install time. The repo also documents installing from GitHub releases/tarballs (preferable).
Credentials
The skill does not request unrelated environment variables or secrets. It documents optional GATEWAY_URL and AWN_IPC_PORT overrides but does not require external credentials. Persisting a private key to ~/.awn/identity.json is necessary for its function but is sensitive — this is proportional but important to secure.
Persistence & Privilege
The daemon is a persistent background service (writes daemon.pid, listens on network ports, stores identity and agent DB). always:false (not force-included) and normal autonomous invocation settings. Persistence and network listening are expected for its purpose but increase attack surface; the skill does not request elevated system-wide privileges or modify other skills' configs.
Assessment
This skill appears to do what it claims, but take precautions before installing: (1) Avoid blindly running curl | bash; instead download the release binary tarball from the project's GitHub Releases and verify the checksum/signature if available, or inspect the install.sh content before running it. (2) Be aware the daemon will create and store a private Ed25519 key at ~/.awn/identity.json — protect that file (permissions, backups) or run the daemon in an isolated account/container if you don't trust it. (3) The daemon listens on a peer port (8099) and an IPC port (8199); use firewall rules or bind options if you need to limit exposure. (4) Joining by direct address allows connections to arbitrary hosts (bypasses Gateway) — only join worlds/hosts you trust. (5) Prefer installing a pinned VERSION rather than 'latest' and prefer official GitHub release artifacts over piping install scripts. If you want higher confidence, ask for the install.sh content and the binary's release signatures/checksums so you can audit them before installing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔗 Clawdis
OS: macOS · Linux
