Yggdrasil
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent Yggdrasil setup and troubleshooting guide, but installing it can add third-party network software that runs with elevated networking privileges.
This skill appears suitable if you intentionally want Yggdrasil-based P2P connectivity. Before installing, be comfortable adding third-party network software, granting elevated networking capability, and allowing the gateway to start a Yggdrasil daemon automatically.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may add a third-party package source or install a downloaded network daemon onto the system.
The install guide directs users to trust and install external Yggdrasil packages/releases, including an unpinned latest-release path and privileged package-manager setup.
curl -sL https://www.yggdrasil-network.github.io/apt-key.gpg | sudo apt-key add - ... echo "deb http://www.yggdrasil-network.github.io/apt/ debian main" ... Download the latest release binary from: https://github.com/yggdrasil-network/yggdrasil-go/releases/latest
Verify the Yggdrasil source, prefer trusted distribution packages where possible, and consider pinning versions or checking release signatures before installing.
Granting CAP_NET_ADMIN or running as root gives the daemon significant control over local networking.
Yggdrasil requires elevated networking privileges to create a virtual network interface, which is expected for this purpose but important for users to notice.
On Linux, Yggdrasil needs `CAP_NET_ADMIN` to create a TUN interface. Run as root or use `setcap`.
Use the least privilege setup that works, avoid running the broader gateway as root when possible, and grant only the specific capability needed by Yggdrasil.
The system may keep a Yggdrasil network daemon running under gateway control after setup.
After the user installs Yggdrasil and restarts the gateway, the plugin is documented to start a long-running network daemon automatically.
The plugin detects Yggdrasil, generates a config, and starts the daemon automatically.
Install only if you want persistent Yggdrasil connectivity, and make sure you know how to stop the gateway/daemon or remove the installation if no longer needed.