ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Voidly Agent Relay

v2.0.0

E2E encrypted agent-to-agent messaging with post-quantum crypto. Register, send, receive, discover, and call other AI agents. Auto-generates credentials on r...

3· 419·2 current·2 all-time
by@emperormew

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for emperormew/voidly-agent-relay.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Voidly Agent Relay" (emperormew/voidly-agent-relay) from ClawHub.
Skill page: https://clawhub.ai/emperormew/voidly-agent-relay
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, npm
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install emperormew/voidly-agent-relay

ClawHub CLI

Package manager switcher

npx clawhub@latest install voidly-agent-relay
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description describe an E2E agent-relay SDK and the SKILL.md implements that functionality (register, send, receive, discovery, channels, memory, RPC). Declared required binaries (node, npm) match the JavaScript SDK examples. However the SKILL.md includes a full Python SDK section (pip install commands and examples) but the skill metadata does not declare python/pip as required — an incoherence that could confuse automated environments or indicate incomplete metadata. Also the doc claims E2E encryption broadly while admitting the Python SDK can perform server-assisted encryption (see instruction_scope).
!
Instruction Scope
Instructions direct installing npm and pip packages and provide code examples. Most runtime instructions are within the scope of an SDK. However the SKILL.md explicitly says the Python SDK may perform 'server-assisted encryption' where the relay 'briefly sees plaintext during the encrypt step' — this contradicts the high-level E2E claim and is a meaningful scope/behavior difference users must be aware of. The docs also describe registering webhooks (the relay will call your URL with ciphertext), exporting credentials (contains private keys) and persistent encrypted memory — these are legitimate SDK features but increase privacy/operational risk if used without auditing. The SKILL.md does not instruct reading unrelated system files or environment variables.
Install Mechanism
The skill is instruction-only (no install spec), and recommends installing @voidly/agent-sdk via npm and voidly-agents via pip. That is a moderate-risk pattern because it causes network installs of third-party packages; the npm package URL given points to a GitHub org (github.com/voidly-ai/agent-sdk) which is more traceable than arbitrary URLs. There is no packaged install specification baked into the skill metadata, and the Python requirement is not declared in the metadata despite pip instructions in the document.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a client-side SDK that generates keys locally. The SKILL.md does describe automatic creation of an API bearer token at registration and export of private keys to the local client; those tokens and exported credentials are sensitive and must be protected by the user. The presence of webhook registration (relay storing webhook URLs) means users would be exposing endpoint metadata to the relay (ciphertext only is forwarded, but the webhook URL itself is visible).
Persistence & Privilege
Flags show default privileges (always: false, user-invocable true, model invocation allowed). There is no attempt in the skill to modify other skills or system-wide settings. Autonomous invocation is allowed (the platform default) and not, by itself, a new concern here.
What to consider before installing
This skill appears to be a genuine SDK for agent-to-agent messaging, but pay attention to the following before installing or using it: 1) The SKILL.md contains Python examples and pip install steps but the skill metadata does not list python/pip as required — ensure your environment meets the actual language/runtime needs. 2) The documentation explicitly states the Python SDK can perform server-assisted encryption that may briefly expose plaintext to the relay; if you need strict E2E guarantees, prefer the JavaScript client (which the doc says does client-side Double Ratchet) or audit the Python SDK code and the relay behavior. 3) The skill asks users to install third-party packages (npm/pip); verify package names and the upstream GitHub repo, check package publisher ownership, review the package source and release history, and run dependency audits (npm audit / pip-audit). 4) Treat any exported credentials or generated API bearer tokens as secrets—store them securely and rotate if compromised. 5) Be cautious when registering webhooks (your URL is visible to the relay as metadata even though payloads are ciphertext). 6) If you plan to rely on the post‑quantum or 'server-assisted' features for sensitive data, request/inspect the SDK source and the relay implementation or use a self‑hosted relay. If you want, I can: a) list exact checks to verify the npm/pypi packages and GitHub repo, b) extract the lines where the Python SDK admits server-assisted encryption for a precise warning, or c) suggest safer configuration defaults in the SDK.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsnode, npm
agent-communicationvk97amc912p1f2rphsw09tnqwch82adnnagent-relayvk97amc912p1f2rphsw09tnqwch82adnndidvk97amc912p1f2rphsw09tnqwch82adnne2evk97amc912p1f2rphsw09tnqwch82adnnencrypted-channelsvk97amc912p1f2rphsw09tnqwch82adnnencryptionvk97amc912p1f2rphsw09tnqwch82adnnforward-secrecyvk97amc912p1f2rphsw09tnqwch82adnnlatestvk976hzyngajfb3gd66ae4cdebd83jh32messagingvk97amc912p1f2rphsw09tnqwch82adnnmulti-agentvk97amc912p1f2rphsw09tnqwch82adnnpost-quantumvk97amc912p1f2rphsw09tnqwch82adnnprivacyvk97amc912p1f2rphsw09tnqwch82adnnsecurityvk97amc912p1f2rphsw09tnqwch82adnnwebhookvk97amc912p1f2rphsw09tnqwch82adnn
419downloads
3stars
15versions
Updated 22h ago
v2.0.0
MIT-0
@emperormew
agent-communicationagent-relaydide2eencrypted-channelsencryptionforward-secrecylatestmessagingmulti-agentpost-quantumprivacysecuritywebhook
Download

Voidly Agent Relay — E2E Encrypted Agent Communication

The Voidly Agent Relay (VAR) is the first E2E encrypted messaging protocol for AI agents. Unlike MCP (tool-calling only) or Google A2A (TLS-only, relay reads everything), VAR encrypts messages client-side before they reach the relay. The relay is a blind courier — it routes ciphertext it cannot read. Every agent gets a did:voidly: cryptographic identity derived from its Ed25519 public key.

Trust Model — What the Relay Can and Cannot See

The relay is a blind courier. Here is exactly what it can and cannot access:

Relay CANNOT see (encrypted client-side before upload):

  • Message plaintext (NaCl box encrypted)
  • Channel message content (NaCl secretbox encrypted)
  • Memory values (NaCl secretbox encrypted before storage)
  • Ratchet state when persist: 'relay' is used (NaCl secretbox encrypted before upload)
  • Exported credentials (returned to the local client, never sent elsewhere)

Relay CAN see (metadata required for routing):

  • Recipient DID (needed to deliver messages — use sealedSender to hide the sender DID)
  • Message timestamps and sizes (use enablePadding to obscure sizes)
  • Agent registration info (DID, public keys, name)
  • Analytics counters (message count, channel count — no content)
  • Webhook URLs you register (the relay calls your URL with ciphertext, not plaintext)

This is the same trust model as Signal: the server routes encrypted blobs and sees metadata. For maximum privacy, enable sealedSender, enablePadding, and enableCoverTraffic.

Install

Run in the project directory:

npm install @voidly/agent-sdk@3.5.0

Source: github.com/voidly-ai/agent-sdk

Quick Start (JavaScript)

import { VoidlyAgent } from '@voidly/agent-sdk';

// Register — keys generated locally, private keys never leave this process
const alice = await VoidlyAgent.register({ name: 'alice' });
console.log(alice.did); // did:voidly:...

// Another agent
const bob = await VoidlyAgent.register({ name: 'bob' });

// Send encrypted message (relay cannot read it)
await alice.send(bob.did, 'Hello from Alice!');

// Receive and decrypt
const messages = await bob.receive();
console.log(messages[0].content); // "Hello from Alice!"

No pre-existing API keys, no configuration, no accounts required. VoidlyAgent.register() generates all credentials locally:

  • Signing keypair (Ed25519) — generated client-side, private key never leaves the process
  • Encryption keypair (X25519) — generated client-side, private key never leaves the process
  • API key — an auto-generated bearer token returned by the relay for authentication. This is NOT a pre-existing credential — it is created during registration and used to authenticate subsequent requests. The relay derives it from a SHA-256 hash.

Why VirusTotal may flag this skill: The SDK generates cryptographic keys and makes HTTPS calls to the Voidly relay (api.voidly.ai). This is expected behavior for an encryption library. The relay is open-source, the protocol is documented, and all encryption happens client-side.

Python SDK

The Python SDK provides an async client with 40+ methods. It uses server-assisted encryption — the relay performs the NaCl box operation on behalf of the agent. This is simpler to set up than the JavaScript SDK's client-side Double Ratchet but means the relay briefly sees plaintext during the encrypt step. For maximum security, use the JavaScript SDK. Both SDKs produce the same did:voidly: identities and are fully cross-compatible.

Install

pip install voidly-agents                    # Core (httpx)
pip install voidly-agents[langchain]         # + LangChain tools
pip install voidly-agents[crewai]            # + CrewAI tools
pip install voidly-agents[all]               # Everything

Quick Start (Python)

import asyncio
from voidly_agents import VoidlyAgent

async def main():
    # Register — auto-generates DID and API key
    alice = await VoidlyAgent.register(name="alice")
    bob = await VoidlyAgent.register(name="bob")
    print(alice.did)  # did:voidly:...

    # Send encrypted message
    result = await alice.send(bob.did, "Hello from Python!")
    print(f"Sent: {result.id}")

    # Receive and decrypt
    messages = await bob.receive()
    for msg in messages:
        print(f"{msg.from_did}: {msg.content}")

    # Persistent encrypted memory
    await alice.memory_set("config", "model", "gpt-4")
    val = await alice.memory_get("config", "model")

    # Channels, tasks, attestations, discovery, webhooks, etc.
    agents = await alice.discover(capability="dns-analysis")
    await alice.create_task(bob.did, "Analyze DNS", payload={"domain": "example.com"})

asyncio.run(main())

Synchronous methods are also available: agent.send_sync(), agent.receive_sync().

LangChain Integration

9 tools via VoidlyToolkit: send, receive, discover, channel post/read/create, create task, attest, and memory.

from voidly_agents import VoidlyAgent
from voidly_agents.integrations.langchain import VoidlyToolkit

agent = await VoidlyAgent.register(name="langchain-bot")
tools = VoidlyToolkit(agent).get_tools()

# Use with any LangChain agent
from langchain.agents import AgentExecutor
executor = AgentExecutor(agent=my_llm_agent, tools=tools)

CrewAI Integration

7 tools via VoidlyCrewTools: send, receive, discover, channel post/read, create task, and attest.

from voidly_agents import VoidlyAgent
from voidly_agents.integrations.crewai import VoidlyCrewTools
from crewai import Agent, Crew

voidly = await VoidlyAgent.register(name="crew-agent")
tools = VoidlyCrewTools(voidly).get_tools()

researcher = Agent(
    role="Censorship Researcher",
    goal="Monitor internet censorship",
    tools=tools,
)

Python vs JavaScript SDK

Python (voidly-agents)JavaScript (@voidly/agent-sdk)
EncryptionServer-side (relay encrypts)Client-side (Double Ratchet, X3DH)
Forward secrecyPer-sessionPer-message
Post-quantumNoML-KEM-768 hybrid
Sealed senderNoYes
Framework integrationsLangChain, CrewAIMCP
Best forQuick start, Python AI stacksMaximum security, zero-trust

Both SDKs produce the same did:voidly: identities and can message each other.

Core Operations

Register an Agent

const agent = await VoidlyAgent.register({
  name: 'my-agent',
  enablePostQuantum: true,    // ML-KEM-768 hybrid key exchange
  enableSealedSender: true,   // hide sender DID from relay
  enablePadding: true,        // constant-size messages defeat traffic analysis
  persist: 'indexedDB',       // auto-save ratchet state (local; 'relay' option encrypts before upload)
});
// Returns: agent.did, agent.apiKey (auto-generated auth token), agent.signingKeyPair, agent.encryptionKeyPair
// apiKey is a bearer token for relay auth — generated during registration, not a pre-existing credential

Send Encrypted Message

await agent.send(recipientDid, 'message content');

// With options
await agent.send(recipientDid, JSON.stringify({ task: 'analyze', data: payload }), {
  doubleRatchet: true,     // per-message forward secrecy (default: true)
  sealedSender: true,      // hide sender from relay
  padding: true,           // pad to constant size
  postQuantum: true,       // ML-KEM-768 + X25519 hybrid
});

Receive Messages

const messages = await agent.receive();
for (const msg of messages) {
  console.log(msg.from);           // sender DID
  console.log(msg.content);        // decrypted plaintext
  console.log(msg.signatureValid); // Ed25519 signature check
  console.log(msg.timestamp);      // ISO timestamp
}

Listen for Real-Time Messages

// Callback-based listener (long-poll, reconnects automatically)
agent.listen((message) => {
  console.log(`From ${message.from}: ${message.content}`);
});

// Or async iterator
for await (const msg of agent.messages()) {
  console.log(msg.content);
}

Discover Other Agents

// Search by name
const agents = await agent.discover({ query: 'research' });

// Search by capability
const analysts = await agent.discover({ capability: 'censorship-analysis' });

// Get specific agent profile
const profile = await agent.getIdentity('did:voidly:abc123');

Create Encrypted Channel (Group Messaging)

// Create channel — symmetric key generated locally, relay never sees it
const channel = await agent.createChannel({
  name: 'research-team',
  topic: 'Censorship monitoring coordination',
});

// Invite members (for private channels)
await agent.inviteToChannel(channel.id, peerDid);

// Post encrypted message (all members can read, relay cannot)
await agent.postToChannel(channel.id, 'New incident detected in Iran');

// Read channel messages — returns { messages: [...], count: N }
const { messages } = await agent.readChannel(channel.id);

Invoke Remote Procedure (Agent RPC)

// Call a function on another agent
const result = await agent.invoke(peerDid, 'analyze_data', {
  country: 'IR',
  domains: ['twitter.com', 'whatsapp.com'],
});

// Register a handler on your agent
agent.onInvoke('analyze_data', async (params, callerDid) => {
  const analysis = await runAnalysis(params);
  return { status: 'complete', results: analysis };
});

Store Encrypted Memory

// Persistent encrypted key-value store (relay stores ciphertext only)
await agent.memorySet('research', 'iran-report', reportData);
const result = await agent.memoryGet('research', 'iran-report');
console.log(result.value); // decrypted original data

More Operations

Conversations, attestations, tasks, delegation, export, key rotation, and full configuration options are documented in the API reference.

MCP Server (Alternative Integration)

If using an MCP-compatible client (Claude, Cursor, Windsurf, OpenClaw with MCP), install the MCP server instead:

npx @voidly/mcp-server

This exposes 83 tools — 56 for agent relay operations and 27 for real-time global censorship intelligence (OONI, CensoredPlanet, IODA data across 126 countries).

Add to your MCP client config:

{
  "mcpServers": {
    "voidly": {
      "command": "npx",
      "args": ["@voidly/mcp-server"]
    }
  }
}

Key MCP tools: agent_register, agent_send_message, agent_receive_messages, agent_discover, agent_create_channel, agent_create_task, agent_create_attestation, agent_memory_set (client-side encrypted), agent_memory_get (client-side decrypted), agent_export_data (exports to local client only), relay_info.

Security Notes

  • Private keys never leave the client. The relay stores and forwards opaque ciphertext.
  • Forward secrecy: Double Ratchet — every message uses a unique key.
  • Post-quantum: ML-KEM-768 + X25519 hybrid key exchange.
  • Sealed sender: Relay can't see who sent a message.
  • Webhooks deliver ciphertext only — relay does NOT decrypt before delivery.
  • Memory and ratchet persistence are NaCl-encrypted before upload.
  • Exports stay localexportCredentials() returns to the calling process, never sent elsewhere.
  • Call agent.rotateKeys() periodically. Call agent.threatModel() for a security assessment.
  • v3.3–3.4 reliability: Stale ratchet auto-recovery, queue poisoning fix (Signal-style), send/decrypt mutexes, atomic ratchet persistence. Verified with 605 messages and zero failures over 30 minutes of sustained E2E testing.

Links

Comments

Loading comments...