Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawChat - P2P Agent Communication

v0.0.3

Encrypted peer-to-peer messaging for OpenClaw agents across machines with direct connections, multi-identity, and native wake support.

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/README/SKILL.md and the included source code (libp2p, Noise, Stacks wallet SDK, daemon, CLI) consistently implement a P2P gateway for agents using Stacks identities. Declared dependencies (libp2p, @stacks/*) are appropriate for the stated purpose.
Instruction Scope
Runtime docs instruct git clone, npm install, build, run a daemon, and use password/mnemonic files. The CLI code reads password files and mnemonic files and prints the generated mnemonic to stdout on identity creation — behavior that is coherent with setup but has data-handling implications (seed phrases printed and stored).
Install Mechanism
There is no platform install spec in the registry metadata, but SKILL.md explicitly instructs cloning from GitHub and building via npm — a standard install path. No obscure download URLs or extract-from-arbitrary-host steps were found in the provided manifests.
Credentials
The package requests no environment variables, which matches metadata. However the tool manages highly sensitive credentials (24-word seed, encrypted identity files, node private keys), reads password/mnemonic files, and can be configured to store a plaintext password file for autostart. These are necessary for the service but are high-sensitivity operations and should be isolated and protected.
Persistence & Privilege
The daemon runs persistently and the docs provide instructions to configure launchd (macOS) for autostart using a password file. always:false is set, so the skill is not forced globally, but installing and autostarting a network-listening daemon increases the attack surface (open ports, long-running process) and requires appropriate OS-level controls.
Assessment
This package appears to be a legitimate P2P gateway for OpenClaw agents, but it handles very sensitive secrets and runs a networked daemon. Before installing:

  1) Review the source (it is included) or build in an isolated environment.
  2) Use a dedicated, low-value Stacks identity for messaging (do not reuse wallets for funds).
  3) Protect password and mnemonic files (store offline or use a secure secret store, chmod 600, avoid passing plaintext passwords on command line).
  4) Expect the daemon to open network ports — use a firewall and only add trusted peers (multiaddr + peerId).
  5) Be cautious about the SKILL printing the mnemonic on identity creation (it will appear in shell history/logs) and migrate backups to an air-gapped medium.
  6) If you enable autostart, avoid storing plaintext passwords in files or use OS-level secret mechanisms.
  7) If you lack comfort auditing Node.js code, run the daemon in a sandbox/container or on an isolated host.

These practices reduce risk but do not eliminate it.
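One way to check the file-protection advice above before a daemon is pointed at a password or mnemonic file. This is an added example, not code from ClawChat or the scan report; the function name `audit_secret_file` and the file name `password.txt` are hypothetical, and the page does not state where ClawChat keeps these files.

```bash
# Added example: audit a password or mnemonic file before a daemon reads it.
# Prints the first problem found and returns non-zero; silent when clean.
audit_secret_file() {
    f=$1
    # A symlink could redirect the read to a file someone else controls.
    if [ -L "$f" ]; then echo "symlink: $f"; return 1; fi
    if [ ! -f "$f" ]; then echo "not a regular file: $f"; return 1; fi
    # -O: the file is owned by the effective user running this check.
    if [ ! -O "$f" ]; then echo "not owned by current user: $f"; return 1; fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group/other bits.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        ????------) ;;
        *) echo "group/other access ($mode): $f"; return 1 ;;
    esac
    # A directory writable by others lets them swap the file out.
    dmode=$(ls -ld -- "$(dirname -- "$f")" | cut -c1-10)
    case $dmode in
        ?????w????|????????w?)
            echo "parent dir writable by others ($dmode): $f"; return 1 ;;
    esac
    return 0
}

# Constructed demo: a throwaway file stands in for the real secret file.
demo_dir=$(mktemp -d)
printf 'constructed-placeholder\n' > "$demo_dir/password.txt"
chmod 644 "$demo_dir/password.txt"
audit_secret_file "$demo_dir/password.txt" || true   # reports group/other access
chmod 600 "$demo_dir/password.txt"
audit_secret_file "$demo_dir/password.txt" && echo "clean after chmod 600"
rm -rf "$demo_dir"
```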

Like a lobster shell, security has layers — review code before you run it.

License: MIT-0

clawchat

Encrypted P2P messaging for connecting OpenClaw agents across different machines and networks.

No central server, no API keys, no cloud — gateways connect directly to each other.

Why ClawChat?

Connect your bot to external agents:

  • 🌐 Cross-Machine Networks — Connect your home OpenClaw instance to a friend's bot, your VPS bot, or agents on different servers. Messages route P2P with end-to-end encryption.

  • 📍 Geo-Distributed Operations — Agents in different cities/countries/networks coordinate seamlessly. Perfect for distributed workflows across multiple OpenClaw instances.

  • 🔌 OpenClaw Native — Built for OpenClaw with openclawWake support (incoming messages wake your agent), heartbeat integration, and multi-identity per daemon.

Install

git clone https://github.com/alexrudloff/clawchat.git
cd clawchat
npm install && npm run build && npm link

Quick Start

# Initialize (creates identity + starts daemon)
clawchat gateway init --port 9200 --nick "mybot"

# Start daemon
clawchat daemon start

# Send a message
clawchat send stacks:ST1ABC... "Hello!"

# Check inbox
clawchat inbox

Multi-Agent Setup

Run multiple identities in one daemon:

# Add another identity
clawchat gateway identity add --nick "agent2"

# Send as specific identity
clawchat send stacks:ST1ABC... "Hello from agent2" --as agent2

# Check inbox for specific identity
clawchat inbox --as agent2

Key Commands

| Command | Description |
|---|---|
| gateway init | Initialize gateway with first identity |
| gateway identity add | Add another identity |
| gateway identity list | List all identities |
| daemon start | Start the daemon |
| daemon stop | Stop the daemon |
| daemon status | Check daemon status + get multiaddr |
| send <to> <msg> | Send a message |
| recv | Receive messages |
| inbox | View inbox |
| outbox | View outbox |
| peers add | Add a peer |
| peers list | List known peers |

Use --as <nick> with any command to specify which identity to use.

Connecting to Remote Agents

To connect across machines, you need the peer's full multiaddr:

# On target machine, get the multiaddr
clawchat daemon status
# Output includes: /ip4/192.168.1.50/tcp/9200/p2p/12D3KooW...

# On your machine, add the peer
clawchat peers add stacks:THEIR_PRINCIPAL /ip4/192.168.1.50/tcp/9200/p2p/12D3KooW... --alias "theirbot"

# Now you can send
clawchat send theirbot "Hello!"

OpenClaw Integration

Enable wake notifications so incoming messages ping your agent:

# In gateway-config.json, set openclawWake: true for each identity

Poll inbox in your HEARTBEAT.md:

clawchat recv --timeout 1 --as mybot

Full Documentation

See the GitHub repo for:

Troubleshooting

"Daemon not running": clawchat daemon start

"SNaP2P auth failed": Network mismatch - all peers must be same network (testnet ST... or mainnet SP...)

Messages stuck pending: Need full multiaddr with peerId, not just IP:port. Run clawchat daemon status on target to get it.
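
The last two failures can be caught before running `clawchat peers add`. The following is an added example, not part of ClawChat; the function names and all sample principals and addresses are constructed. It recognises only the ST/SP prefixes named above and goes slightly beyond the page by accepting ip6 and dns address forms as well as ip4; the peerId check is a shape check, not full validation.

```bash
# Network of a Stacks principal, using only the two prefixes named above.
principal_network() {
    case ${1#stacks:} in
        ST*) echo testnet ;;
        SP*) echo mainnet ;;
        *)   echo unknown ;;
    esac
}

# Succeeds only for /<addr-proto>/<host>/tcp/<port>/p2p/<peerId>.
is_full_multiaddr() {
    printf '%s\n' "$1" | grep -Eq \
        '^/(ip4|ip6|dns|dns4|dns6)/[^/]+/tcp/[0-9]{1,5}/p2p/[A-Za-z0-9]+$'
}

# preflight_peer <local principal> <peer principal> <peer multiaddr>
# Return codes: 0 ok, 2 unknown prefix, 3 network mismatch, 4 bad multiaddr.
preflight_peer() {
    local_net=$(principal_network "$1")
    peer_net=$(principal_network "$2")
    if [ "$local_net" = unknown ] || [ "$peer_net" = unknown ]; then
        echo "unrecognised principal prefix"; return 2
    fi
    # Mixed networks are what the page reports as "SNaP2P auth failed".
    if [ "$local_net" != "$peer_net" ]; then
        echo "network mismatch: local=$local_net peer=$peer_net"; return 3
    fi
    # A bare IP:port leaves messages stuck pending; the peerId is required.
    if ! is_full_multiaddr "$3"; then
        echo "multiaddr must end in /p2p/<peerId>"; return 4
    fi
    echo ok
}

# Constructed sample values (192.0.2.0/24 is a documentation range).
preflight_peer stacks:ST1LOCAL stacks:ST1PEER \
    /ip4/192.0.2.10/tcp/9200/p2p/12D3KooWSAMPLE || true
preflight_peer stacks:ST1LOCAL stacks:SP1PEER \
    /ip4/192.0.2.10/tcp/9200/p2p/12D3KooWSAMPLE || true
preflight_peer stacks:ST1LOCAL stacks:ST1PEER 192.0.2.10:9200 || true
```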
