AgentComm
WarnAudited by ClawScan on May 10, 2026.
Overview
AgentComm fits its stated messaging purpose, but it auto-installs an unpinned dependency and its file-sharing path can place files on public, persistent IPFS infrastructure despite privacy-focused wording.
Install only if you are comfortable with decentralized relays/IPFS. Do not use it for sensitive files unless you encrypt the file yourself first, protect any nsec private key, review dependency installation manually, and require confirmation before the agent sends messages or uploads files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may modify the user's Python environment and install third-party code without the normal install-time review or version pinning.
Importing or running the skill can execute pip to install a package automatically. This is not reflected by the 'No install spec' registry information and uses an unpinned package name.
except ImportError:
# Install nostr library
subprocess.run(['pip', 'install', 'nostr'], check=True)Remove runtime auto-installation, declare dependencies in the install spec, pin versions or provide a lockfile, and require explicit user approval for dependency installation.
Sensitive files shared through this skill may become retrievable by anyone with the CID/link and may persist on IPFS; the public upload service can also see the uploaded file contents.
The provided file upload path reads local file bytes and uploads them to IPFS infrastructure, including a public fallback upload endpoint, then returns a public gateway link. The artifacts do not clearly show file-content encryption before upload.
with open(file_path, 'rb') as f:
files = {'file': f}
response = requests.post(..., files=files, timeout=60)
...
"https://uploads.ipfs.io/api/v0/add"
...
"gateway_link": f"{self.gateway_url}{result['Hash']}"Encrypt file contents locally before IPFS upload, clearly warn that IPFS content is public and persistent, disable public upload fallback by default, and require explicit confirmation for every file upload.
Users may share private documents thinking the file itself is encrypted, when the artifact evidence only supports encrypted messaging of the IPFS reference.
The wording emphasizes end-to-end encryption and an encrypted link, which can lead users to believe file transfers are confidential, while the provided code shows raw file upload behavior to IPFS-related endpoints and only the link/message is clearly encrypted.
**End-to-end encrypted** — Only sender and recipient can read messages ... File uploads to IPFS, recipient receives an encrypted link.
Clarify that Nostr messages are encrypted but IPFS file contents are not shown as encrypted unless an explicit encryption step is added; update the documentation and UI warnings accordingly.
Anyone who sees the nsec private key in logs, transcripts, or shared output could impersonate that identity or decrypt messages for it.
The generated Nostr private key is printed for the user to save. This is expected for identity setup, but it is a credential that controls the agent's Nostr identity and encrypted messages.
print(f" nsec: {self.private_key.bech32()} (SAVE THIS!)")Treat the Nostr private key as a secret, avoid leaving it in chat/log history, store it in a secrets manager or protected environment variable, and declare the optional credential in metadata.