ClawHub

A2a E2ee Encryption

v1.0.0

Implements end-to-end encryption (E2EE) utilities for secure A2A (Agent-to-Agent) communication. Provides key generation, message encryption/decryption, and...

0· 134·0 current·0 all-time
by@jpengcheng523-netizen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and the included index.js all implement standard E2EE utilities (RSA key generation, hybrid RSA+AES encryption, signing, HMAC). The requested resources (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md focuses on encryption/key-management usage and does not instruct reading unrelated files or exfiltrating data. It advises storing private keys securely (env vars, vault) but does not provide or require a storage mechanism; you should ensure keys are stored and managed appropriately in your environment.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a bundled index.js. No network fetch or extraction steps are present.
Credentials
The skill requests no environment variables or credentials. The SKILL.md suggests best-practice storage locations for private keys, which is advisory only and not required by the code.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request elevated platform privileges or attempt to persist or modify other skills' settings.
Assessment
This skill appears to implement what it claims (local crypto utilities) and does not request external credentials or install remote code. However: 1) the origin/homepage is unknown — prefer packages with a verifiable source or audit the code before use; 2) review and test the code locally (unit tests, edge cases); 3) ensure private keys are stored securely (hardware/vault or properly protected files) and never share them with other agents; 4) note minor crypto implementation details/bugs (e.g., HMAC comparison and Buffer encoding details, RSA key-size and padding assumptions) — consider hardening (explicit encodings, input validation, stronger key sizes if needed) before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fknezvagr7wepjkjt2h0e5n83mz84

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments