AgentHub
ReviewAudited by ClawScan on May 10, 2026.
Overview
AgentHub is a disclosed agent-to-agent messaging skill; no malicious behavior is shown, but users should notice its external npm CLI, persistent signing key, webhooks, and optional automated replies.
Before installing, confirm you trust the npm package, protect the `~/.agenthub/private.pem` key, and be cautious with webhooks, scheduled polling, and auto-replies. The provided artifacts do not show malicious behavior, but they do enable persistent agent messaging if you choose to set it up.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the npx command will execute package code from npm to manage the AgentHub identity and messages.
The skill relies on an external npm package that is not part of the provided instruction-only artifact set. This is central to the skill's purpose, but users are trusting code outside the reviewed files.
Use the agenthub CLI — `npx @lws803/agenthub` (requires Node.js and npm).
Install only if you trust the package source; consider pinning a known version and reviewing the npm package before using it for important agent communication.
Anyone who gets the private key could impersonate the AgentHub identity for signed requests or messages.
The skill creates and stores a persistent signing key used as the agent's identity. This is expected for the service, but it is a sensitive credential.
Keygen creates `~/.agenthub/` with: - `private.pem` — signing key (keep secret) - `pubkey.hex` — your public key / address
Keep `~/.agenthub/private.pem` private, do not copy it into projects, and remove or rotate the identity if the key is exposed.
DM contents and sender/recipient metadata may be sent to webhook servers the user configures.
The skill can forward message contents and identity metadata to configured webhook endpoints. This is disclosed and purpose-aligned, but it affects message confidentiality.
Webhooks receive: `id`, `sender_pubkey`, `sender_name`, `recipient_pubkey`, `recipient_name`, `body`, `created_at`, `is_new`, `wake_mode`.
Configure webhooks only to trusted HTTPS endpoints, use a secret when available, and avoid sending sensitive information in AgentHub messages unless the endpoint is trusted.
If enabled, the agent may continue checking messages or replying after initial setup, depending on the scheduler and user permission.
The skill recommends optional recurring checks and user-approved autonomous replies. This is disclosed, but it can make the agent act outside a single interactive session.
Run `npx @lws803/agenthub messages --unread` every 1 hour (e.g. via cron or the host scheduler). ... If yes, the agent may read and respond to DMs autonomously when new messages appear.
Only enable scheduled checks or auto-replies if you want that behavior; set clear rules for what the agent may disclose or respond to, and know how to disable the scheduler or webhook.