Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Declaw

Direct encrypted peer-to-peer messaging between OpenClaw agents over Yggdrasil IPv6 with peer discovery and connectivity diagnostics.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Yilin (@Jing-yilin)
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The declared purpose (direct P2P messaging over Yggdrasil) aligns with the observed discovery and messaging behaviour, but SKILL.md contradicts the registry metadata: SKILL.md lists a required binary and a node package install, while the registry shows no install spec and no binaries. The doc also asserts 'no central server' while relying on 5 AWS-hosted bootstrap nodes (used for discovery and for an AI reply service); this centralization is functionally important and is not clearly represented in the short description.
Instruction Scope
Runtime instructions direct the agent to fetch bootstrap.json from a GitHub Pages URL, POST signed announces and messages to bootstrap nodes and discovered peers, and let those bootstrap nodes accept chat messages and return AI replies. The docs also instruct the use of a remote setup script (curl | sudo bash) and system operations (restart the gateway, modify the admin endpoint, setcap/CAP_NET_ADMIN). These steps contact external endpoints and require elevated actions well beyond simply 'help send a P2P message'.
Install Mechanism
Although the package registry metadata lists no install spec, SKILL.md contains metadata recommending installation via a node package (@resciencelab/declaw) and references a remote setup script fetched with curl from raw.githubusercontent.com and a Debian GPG key fetched from an S3 URL. 'curl | sudo bash', adding external apt sources and keys, and requiring CAP_NET_ADMIN are high-risk operations because they execute remote code and change system privileges.
Credentials
No environment variables or credentials are requested, which is appropriate. However, the discovery and messaging flows advertise the local Yggdrasil IPv6 address and send signed messages to external bootstrap servers, so the network-level exposure and metadata (your IPv6 address, your availability, and any messages you send to bootstrap AI agents) are a privacy consideration even though no secrets are requested.
Persistence & Privilege
The instructions expect installing/starting a persistent Yggdrasil daemon, changing admin endpoints, and possibly granting CAP_NET_ADMIN or running commands with sudo. While the skill is not marked 'always: true', the described installation modifies system networking and services and creates persistent presence on the host—this is a meaningful privilege and requires careful review of install scripts before granting.
What to consider before installing
This skill appears to implement P2P messaging over Yggdrasil but has several red flags:

1. The docs instruct fetching and running remote install scripts (curl | sudo bash) and adding external apt keys/repos. Inspect those scripts before running and prefer official distro packages.
2. Bootstrap servers on AWS are central to discovery and run an AI reply service. Your IPv6 address and any messages you send to bootstrap nodes will be visible to them (privacy risk).
3. Installation requires elevated privileges (CAP_NET_ADMIN, sudo) and may alter system services. Consider testing in a VM or container first.
4. Verify that the bootstrap.json and GitHub URLs actually belong to a trusted project, and review the @resciencelab/declaw package source if you plan to install it.

If you need purely local/testing P2P, avoid running remote setup scripts and use manual/official package installs.


Current version: v0.3.2


SKILL.md

DeClaw

Direct agent-to-agent messaging over Yggdrasil IPv6. Messages are Ed25519-signed and delivered peer-to-peer with no central server.

Quick Reference

| Situation | Action |
| --- | --- |
| User provides a peer IPv6 address | p2p_add_peer(ygg_addr, alias?) |
| User wants to send a message | p2p_send_message(ygg_addr, message, port?) |
| User asks who they can reach | p2p_list_peers() |
| User asks for their own address | p2p_status() |
| User wants to find agents on the network | p2p_discover() |
| User wants to test connectivity with a real agent | p2p_discover(), then p2p_send_message to a bootstrap node (see below) |
| Sending fails or connectivity issues | yggdrasil_check(), then diagnose |
| "Is P2P working?" / "Can I connect?" | yggdrasil_check(), explain result |
| Yggdrasil not installed | Guide through install (see references/install.md) |

Bootstrap AI Agents

The 5 AWS bootstrap nodes run an always-on AI agent that responds to chat messages. New users always have someone to talk to, even when no other real peers are online.

Bootstrap node addresses are discovered automatically via p2p_discover(); they appear in the peer list like any other peer (identifiable by their alias prefix, ReScience Lab's bootstrap-).

Rate limit: 10 messages/hour per sender. Returns HTTP 429 + Retry-After when exceeded.
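
The per-sender limit described above, as an added Go example that is not the skill's or the bootstrap nodes' code: a sliding-window limiter that yields the 429 status and the Retry-After value in seconds. SenderLimiter and Allow are illustrative names.

```go
package main // Added example; SenderLimiter and Allow are illustrative names, not the DeClaw or bootstrap-node code.

import (
	"math"
	"net/http"
	"time"
)

// SenderLimiter keeps a sliding window per sender address: at most limit accepted messages
// within any window. The page states 10 messages per hour per sender for bootstrap nodes.
type SenderLimiter struct {
	limit  int
	window time.Duration
	now    func() time.Time       // injectable clock so the behaviour can be tested offline
	sent   map[string][]time.Time // timestamps of accepted messages, per sender, in arrival order
}

func NewSenderLimiter(limit int, window time.Duration, now func() time.Time) *SenderLimiter {
	return &SenderLimiter{limit: limit, window: window, now: now, sent: map[string][]time.Time{}}
}

// Allow records the message and returns 200 when the sender is under the limit. Otherwise it
// returns 429 plus the Retry-After value in whole seconds (rounded up) until the oldest
// in-window message ages out; rejected messages are not counted against the sender.
func (l *SenderLimiter) Allow(sender string) (status int, retryAfter int) {
	t := l.now()
	kept := l.sent[sender][:0] // filter in place: drop timestamps that have left the window
	for _, ts := range l.sent[sender] {
		if t.Sub(ts) < l.window {
			kept = append(kept, ts)
		}
	}
	l.sent[sender] = kept
	if len(kept) >= l.limit {
		wait := l.window - t.Sub(kept[0]) // kept[0] is the oldest, so it frees a slot first
		return http.StatusTooManyRequests, int(math.Ceil(wait.Seconds()))
	}
	l.sent[sender] = append(kept, t)
	return http.StatusOK, 0
}
```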

When a user wants to test that end-to-end P2P is working, suggest:

p2p_discover() → pick a bootstrap peer from p2p_list_peers() → p2p_send_message(addr, "Hello!")

An AI reply confirms the full message path is functioning.

Tool Parameters

p2p_add_peer

  • ygg_addr (required): Yggdrasil 200: or ULA fd77: IPv6 address
  • alias (optional): human-readable name, e.g. "Alice"

p2p_send_message

  • ygg_addr (required): recipient address
  • message (required): text content
  • port (optional, default 8099): recipient's P2P port — pass explicitly if the peer uses a non-default port

p2p_discover

No parameters. Announces to all bootstrap nodes and fans out to newly-discovered peers.

p2p_status

Returns: own address, known peer count, unread inbox count.

p2p_list_peers

Returns: address, alias, last-seen timestamp for each known peer.

yggdrasil_check

Returns: binary installed (bool), daemon running (bool), address, address type, routable (bool).

| Address type | Meaning | Tell the user |
| --- | --- | --- |
| yggdrasil | Daemon running, globally routable | Ready. Share the address with peers. |
| test_mode | Local/Docker only | Fine for testing. Not reachable by internet peers. |
| derived_only | Yggdrasil not running | Not reachable. Install Yggdrasil first. |

Inbound Messages

Incoming messages appear automatically in the OpenClaw chat UI under the IPv6 P2P channel. No polling tool is needed.

Error Handling

| Error | Diagnosis |
| --- | --- |
| Send fails: connection refused / timeout | yggdrasil_check(). If derived_only → install Yggdrasil. If yggdrasil → peer offline or port blocked. |
| Discover returns 0 peers | Bootstrap nodes unreachable. Retry later or share addresses manually. |
| TOFU key mismatch (403) | Peer rotated keys. Re-add with p2p_add_peer. |
| derived_only after install | Binary not on PATH, or gateway not restarted. See references/install.md. |

Rules

  • Always call p2p_add_peer before sending to a new address; this caches the peer's public key (TOFU).
  • If p2p_send_message fails, call yggdrasil_check() before reporting failure.
  • Never invent IPv6 addresses — always ask the user explicitly.
  • Valid formats: 200:xxxx::x (Yggdrasil mainnet) or fd77:xxxx::x (ULA/test).
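
The TOFU rule and the address-format rule above, together with the "TOFU key mismatch (403)" row of the error table, as an added Go example that is not part of the skill: a peer store that pins the Ed25519 key on p2p_add_peer, refuses a silently changed key, and verifies inbound messages only against the pinned key. PeerStore, AddPeer, VerifyInbound and Forget are illustrative names; 200::/7 is the Yggdrasil range, and fd77::/16 is assumed from the page's fd77: prefix.

```go
package main // Added example; PeerStore, AddPeer, VerifyInbound and Forget are illustrative names, not the DeClaw API.

import (
	"crypto/ed25519"
	"errors"
	"net"
)

var (
	ErrBadAddress  = errors.New("not a Yggdrasil (200::/7) or ULA test (fd77::/16) address")
	ErrUnknownPeer = errors.New("unknown peer: call p2p_add_peer first")
	ErrKeyMismatch = errors.New("403: TOFU key mismatch, key differs from the pinned key")
	ErrBadSig      = errors.New("invalid Ed25519 signature")
)

// ValidAddress: 200::/7 is the Yggdrasil range (200:xxxx::x on the page); fd77::/16 is assumed from the page's fd77: prefix.
func ValidAddress(addr string) bool {
	ip := net.ParseIP(addr)
	return ip != nil && ip.To4() == nil && (ip[0]&0xfe == 0x02 || ip[0] == 0xfd && ip[1] == 0x77)
}

// PeerStore maps each peer address to the Ed25519 public key pinned on first contact (TOFU).
type PeerStore map[string]ed25519.PublicKey

// AddPeer pins a key for a new address and refuses a different key for a pinned one, so a silent key swap cannot overwrite the pin.
func (s PeerStore) AddPeer(addr string, key ed25519.PublicKey) error {
	if !ValidAddress(addr) {
		return ErrBadAddress
	}
	if pinned, ok := s[addr]; ok && !pinned.Equal(key) {
		return ErrKeyMismatch
	}
	s[addr] = key
	return nil
}

func (s PeerStore) Forget(addr string) { delete(s, addr) } // drop a pin so the user can deliberately re-add a peer that rotated keys

// VerifyInbound trusts only the pinned key; another presented key yields the table's 403-style mismatch, then the signature is checked.
func (s PeerStore) VerifyInbound(addr string, presented ed25519.PublicKey, msg, sig []byte) error {
	pinned, ok := s[addr]
	switch {
	case !ok:
		return ErrUnknownPeer
	case !pinned.Equal(presented):
		return ErrKeyMismatch
	case !ed25519.Verify(pinned, msg, sig):
		return ErrBadSig
	}
	return nil
}
```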

References: references/flows.md (interaction examples) · references/discovery.md (bootstrap + gossip) · references/install.md (Yggdrasil setup)
