ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kasia

v1.0.0

Send and receive encrypted messages and manage handshakes on the Kaspa blockchain using Kasia protocol and mcporter tools.

0· 751·0 current·0 all-time
by@renkasiyas

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for renkasiyas/kasia.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Kasia" (renkasiyas/kasia) from ClawHub.
Skill page: https://clawhub.ai/renkasiyas/kasia
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install renkasiyas/kasia

ClawHub CLI

Package manager switcher

npx clawhub@latest install kasia
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Kasia encrypted messaging via mcporter/kaspa) match the included tooling and docs: the skill expects a local kasia-mcp and kaspa-mcp, generates payloads, and requires broadcasting via kaspa.send_kaspa. However, SKILL.md and registry metadata declare no required credentials/config paths while the runtime instructions and setup.sh clearly require and store a wallet mnemonic (KASPA_MNEMONIC) and may set an indexer URL — this mismatch is notable.
!
Instruction Scope
The SKILL.md and scripts/setup.sh instruct the user to run a setup script that: (a) accepts a wallet mnemonic on the command line, (b) writes the mnemonic into the mcporter config JSON (potentially at ./config/mcporter.json or $HOME/.openclaw/workspace/config/mcporter.json) in plaintext, (c) runs npm install/npm run build inside the supplied kasia-mcp path, and (d) recommends background polling that writes messages to a file. All steps are consistent with implementing the feature, but they expose very sensitive secrets (mnemonic) and ask the agent to read/write config and files that were not declared up‑front. Passing the mnemonic on the command line also risks leakage via shell history or process listing.
!
Install Mechanism
There is no formal install spec (instruction-only), but scripts/setup.sh will run npm install and npm run build in the user-supplied kasia-mcp directory. Building arbitrary code invokes package scripts and can execute arbitrary commands (supply‑chain risk). The skill itself does not download remote archives, but it will cause local build/installation of third‑party code if the user follows instructions.
!
Credentials
The runtime requires a wallet mnemonic/private key (KASPA_MNEMONIC) and may set KASIA_INDEXER_URL, but the registry metadata declared no required env vars or primary credential. Requesting and storing a full wallet mnemonic is proportional to on‑chain signing needs, but it is sensitive and should be explicitly declared and justified. The skill stores the secret in a user config JSON in plaintext — a high‑sensitivity action that should be highlighted to users.
Persistence & Privilege
always:false (normal). The setup script persists configuration by creating/modifying the mcporter config file and adding a 'kasia' mcpServer entry that invokes node <path>/dist/index.js. Modifying the user's mcporter config is expected for this feature, but it grants persistent capability and stores secrets — users should be aware and verify the config location and permissions.
What to consider before installing
This skill appears to do what it claims (on‑chain encrypted messaging), but it asks you to supply and stores your wallet mnemonic and to build/run code from a local kasia-mcp repository. Before installing or running: - Treat the mnemonic as highly sensitive. Do not paste a real/mainnet mnemonic on a machine or shell you don't fully control. Prefer a throwaway wallet for testing. Avoid passing secrets on the command line (shell history/process lists). - The setup script writes the mnemonic into mcporter's config file in plaintext (~/.openclaw/workspace/config/mcporter.json or ./config/mcporter.json). Inspect that file after setup and ensure its filesystem permissions are restricted. - Building kasia-mcp runs npm install/npm run build in the provided path. That can execute arbitrary package scripts. Only build code from sources you trust; review the kasia-mcp package.json and build scripts first. - The skill's docs reference an indexer API (https://indexer.kasia.fyi). Although payloads are encrypted, the indexer could still collect metadata. If you are privacy‑sensitive, review or self‑host the indexer before using mainnet. - The registry metadata does not declare the mnemonic/env requirement—this is an omission. If you need to use real funds, ask the author to document required secrets and config paths explicitly, provide verification of the kasia-mcp code, or run the skill in an isolated environment. If uncertain: test with a throwaway wallet on a separate machine/container and inspect the generated mcporter config and the kasia-mcp code before trusting real funds or long‑term keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk97710hdcddccwhzbyexzbe3m181527y
751downloads
0stars
1versions
Updated 16h ago
v1.0.0
MIT-0
@renkasiyas
latest
Download

Kasia — Encrypted Messaging on Kaspa

Send and receive encrypted messages on the Kaspa blockchain via the Kasia protocol. Uses mcporter to call kasia-mcp tools.

Prerequisites

  • mcporter installed (npm install -g mcporter)
  • kasia-mcp built and configured in config/mcporter.json
  • kaspa-mcp configured (same wallet) — needed to broadcast transactions
  • Wallet mnemonic or private key set in mcporter config

Run scripts/setup.sh to configure automatically:

scripts/setup.sh /path/to/kasia-mcp --mnemonic "your twelve word phrase" --network mainnet

Verify: mcporter list kasia (should show 8 tools)

Tools

Call via mcporter call kasia.<tool> from the workspace directory.

Read Operations (no transaction needed)

ToolPurposeExample
kasia_get_conversationsList all conversations + statusmcporter call kasia.kasia_get_conversations
kasia_get_requestsPending incoming handshakesmcporter call kasia.kasia_get_requests
kasia_get_messagesRead decrypted messagesmcporter call kasia.kasia_get_messages address="kaspa:q..."
kasia_read_self_stashRead encrypted private datamcporter call kasia.kasia_read_self_stash scope="notes"

Write Operations (two-step: generate payload → broadcast)

Write tools return a payload and instructions. Broadcast with kaspa.send_kaspa:

# Step 1: Generate payload
mcporter call kasia.kasia_send_handshake address="kaspa:q..."
# Returns: { action, to, amount, payload, instructions }

# Step 2: Broadcast (use the returned values)
mcporter call 'kaspa.send_kaspa(to: "kaspa:q...", amount: "0.2", payload: "<hex>")'
ToolPurpose
kasia_send_handshakeStart a conversation with someone
kasia_accept_handshakeAccept an incoming handshake request
kasia_send_messageSend an encrypted message in an active conversation
kasia_write_self_stashStore encrypted private data on-chain

Conversation Flow

  1. Check requests: kasia_get_requests — see pending incoming handshakes
  2. Start or accept: kasia_send_handshake or kasia_accept_handshake → broadcast with kaspa.send_kaspa
  3. Chat: kasia_send_message → broadcast. Read replies with kasia_get_messages
  4. Pay: Use kaspa.send_kaspa directly for payments (no Kasia-specific tool needed)

Conversation Status

  • pending_outgoing — You sent a handshake, waiting for acceptance
  • pending_incoming — Someone sent you a handshake, needs acceptance
  • active — Both sides completed handshake, can exchange messages

Background Polling

For real-time message relay, set up a background poller:

  1. Create a polling script that calls kasia_get_messages every N seconds
  2. Track seen transaction IDs to avoid duplicates
  3. Write new messages to a file (e.g., memory/kasia-new-messages.jsonl)
  4. Use a cron job or heartbeat check to relay new messages to the user

See references/protocol.md for the full protocol specification and indexer API details.

Important

  • Mainnet only — kasia-mcp enforces mainnet (messaging isn't available on testnet)
  • Two-step writes — Write tools generate payloads; you must broadcast with kaspa.send_kaspa
  • Same wallet — kasia-mcp and kaspa-mcp must use the same mnemonic/key
  • Costs KAS — Every message is a transaction (~0.2 KAS minimum per tx)

Comments

Loading comments...