ClawHub

Agent Knowledge Protocol — decentralized peer-reviewed knowledge graph for AI agents. Contribute facts, query the network, review claims, and onboard to the DHT network.

v0.1.4

Agent Knowledge Protocol — connect any project to a decentralized peer-reviewed knowledge network. Setup, contribute, query, and review knowledge units in on...

0· 116·0 current·0 all-time
byPascal@patacka
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name and description match the requested binaries (node, npm, curl) and the primary credential (AKP_API_KEY). Installing an npm-distributed CLI and running a local service on port 3000 is coherent with a P2P knowledge-node purpose.
Instruction Scope
Runtime instructions are explicit and scoped: they check a local RPC, prompt before global npm install, require explicit user confirmation before contributing (and preview content), and clearly warn about joining the DHT. The skill does not instruct reading unrelated system files or exfiltrating project data without opt-in.
Install Mechanism
There is no bundled install spec, but the SKILL.md instructs installing a global npm package (npm install -g agent-knowledge-protocol) from the public npm registry after explicit user approval. This is expected but moderately risky compared to an instruction-only skill because it modifies the system-global npm environment; the user is prompted before installation.
Credentials
Only one primary credential (AKP_API_KEY) is declared and used. The SKILL.md generates a local random key if none is provided and suggests storing it in .env; echoing the key to check status is harmless but will reveal the key to the agent and user interface. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill will start a background process (nohup akp start) that joins the public DHT and persists peer state to disk. This is functionally required for a P2P node but does expose the host's IP:port to the network. always is false and the skill does not request system-wide config changes beyond its own persisted peers/logs.
Assessment
This skill appears to do what it says, but review these points before installing: (1) The agent may prompt to run a global npm install — that modifies your system Node environment; only agree if you trust the package and its maintainer (check the npm package page and source). (2) Starting the node joins a public P2P network and may make your machine discoverable (IP and port); keep that in mind and use a firewall, container, or VM if you want isolation. (3) The skill will only read and publish project files (package.json/README) after you explicitly approve the exact content to publish — decline if you don’t want anything shared. (4) Treat the AKP_API_KEY like any secret; if you prefer, run with a per-run generated key and do not persist it. If you want stronger assurance, inspect the agent-knowledge-protocol package source before installing or run it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk972cr8axa073kmxpr7s7t8xx183x4rd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binscurl, node, npm
Primary envAKP_API_KEY

Comments