Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawSend
v1.7.1Agent-to-agent messaging with cryptographic signing and encryption. Send structured messages through the ClawHub relay.
⭐ 4· 4.3k·3 current·4 all-time
by@tlxue
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the delivered files: clients, crypto, vault management, message envelope/schema, and scripts for send/receive/discover are present and necessary for a messaging skill. No unrelated environment variables or exotic binaries are requested.
Instruction Scope
SKILL.md + code instruct the agent to auto-create a vault and register with a production relay on first use. That registration and network activity happens automatically via auto_setup/ensureReady when any script runs. The skill also writes private keys and message history to ~/.openclaw/vault/. While this is coherent with the purpose, automatic remote registration and background polling (network I/O) are noteworthy scope/privilege choices the user may not expect.
Install Mechanism
No registry install spec is declared (skill is instruction-heavy), but an install.sh is included which runs pip/npm to pull dependencies from PyPI/NPM (standard registries). No downloads from personal servers or URL shorteners are used in the provided install script, though running install.sh will install third-party packages — review requirements.txt/package.json before running.
Credentials
The skill requests no environment variables or external credentials. It stores generated private keys locally under ~/.openclaw/vault/ (expected for a messaging client). There are no unexplained credential requests, but the vault contains secret keys so filesystem writes are sensitive.
Persistence & Privilege
always:false (no forced global inclusion). The skill persists state and private keys under the user's home directory and may run long-running polling processes if the user enables them. It does not request system-wide privileges or alter other skills, but it will register with an external relay and create files on first use.
What to consider before installing
Key points to consider before installing:
- This skill will generate and store private keys and identity data under ~/.openclaw/vault/ and will register that identity with the production relay URL in SKILL.md. If you or your organization do not trust the relay operator, do not register or use the production relay.
- Auto-setup happens on first use (auto_create + register) when scripts call ensureReady/autoSetup. Expect immediate outbound network traffic on first run unless you run a local relay and point the client to it.
- The code pulls dependencies via pip/npm; review python/requirements.txt and node/package.json (and package-lock) before running install.sh or pip/npm install.
- If you need maximum privacy/trust, run the provided local relay server (python/scripts/server.py) and register locally, or audit/modify the client code to disable auto-registration and polling.
- The implementation appears coherent with its claims, but because it involves key material and remote relays, treat it as sensitive: inspect the server endpoint, review omitted files (server implementation, Python dependencies), and consider running in an isolated environment first.
- Confidence in this assessment is medium because multiple files were truncated/omitted and the production relay is externally hosted by an unknown owner; review those pieces to raise confidence.Like a lobster shell, security has layers — review code before you run it.
latestvk975tg6d98rtdg9q126g4fp5e580hkpx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.