Skill flagged: suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Declaw

v0.3.2

Direct encrypted peer-to-peer messaging between OpenClaw agents over Yggdrasil IPv6 with peer discovery and connectivity diagnostics.

0 · 386 · 0 current · 0 all-time
by Yilin (@jing-yilin)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The declared purpose (direct P2P messaging over Yggdrasil) aligns with discovery and messaging behavior, but the SKILL.md contradicts the registry metadata (SKILL.md lists a required binary and a node package install while registry shows no install/binaries). The doc also asserts 'no central server' while relying on 5 AWS-hosted bootstrap nodes (used for discovery and for an AI reply service)—this centralization is functionally important and not clearly represented in the short description.
Instruction Scope (flagged)
Runtime instructions direct the agent to fetch bootstrap.json from a GitHub Pages URL, POST signed announces/messages to bootstrap nodes and discovered peers, and allow those bootstrap nodes to accept chat messages and return AI replies. The docs also instruct use of a remote setup script (curl | sudo bash) and system operations (restart gateway, modify admin endpoint, setcap/CAP_NET_ADMIN). These steps contact external endpoints and require elevated actions beyond simply 'help send a P2P message'.
Install Mechanism (flagged)
Although the package registry metadata lists no install spec, SKILL.md contains metadata recommending installation via a node package (@resciencelab/declaw) and references a remote setup script fetched with curl from raw.githubusercontent.com and a Debian GPG key fetched from an S3 URL. 'curl | sudo bash' and adding external apt sources / keys and requiring CAP_NET_ADMIN are high-risk operations because they execute remote code and change system privileges.
Credentials
No environment variables or credentials are requested, which is appropriate. However, the discovery and messaging flows will advertise the local Yggdrasil IPv6 address and send signed messages to external bootstrap servers, so the network-level exposure and metadata (your IPv6 address, availability, and messages you send to bootstrap AI agents) are a privacy consideration even though no secrets are requested.
Persistence & Privilege (flagged)
The instructions expect installing/starting a persistent Yggdrasil daemon, changing admin endpoints, and possibly granting CAP_NET_ADMIN or running commands with sudo. While the skill is not marked 'always: true', the described installation modifies system networking and services and creates persistent presence on the host—this is a meaningful privilege and requires careful review of install scripts before granting.
What to consider before installing
This skill appears to implement P2P messaging over Yggdrasil but has several red flags: (1) the docs instruct fetching and running remote install scripts (curl | sudo bash) and adding external apt keys/repos—inspect those scripts before running and prefer official distro packages; (2) bootstrap servers on AWS are central to discovery and run an AI reply service — your IPv6 address and any messages you send to bootstrap nodes will be visible to them (privacy risk); (3) installation requires elevated privileges (CAP_NET_ADMIN, sudo) and may alter system services—consider testing in a VM or container first; (4) verify the bootstrap.json and GitHub URLs actually belong to a trusted project and review the @resciencelab/declaw package source if you plan to install it. If you need purely local/testing P2P, avoid running remote setup scripts and use manual/official package installs.
