Clawdio

v1.0.0

Secure P2P communication for AI agents. Noise XX handshake, XChaCha20-Poly1305 encryption, connection consent, human verification. Zero central servers.

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code files (crypto, transport, protocol, CLI, index) align with the described P2P encrypted messaging purpose. However, SKILL.md instructs building from 'projects/clawdio/', which does not match the manifest (source files are at the repository root); this incoherence could break the install/run instructions or be a sign of sloppy packaging.
Instruction Scope
Runtime instructions tell operators/agents to run 'npm install' and 'npx tsc', start listeners on arbitrary ports, persist identities to disk (identityPath), and use a 'sub-agent' pattern (spawn processes). The doc also exposes an 'autoAccept' mode which accepts inbound peers automatically — this expands attack surface. These behaviors go beyond simple API calls and allow network listeners, disk writes, and process spawning, so they need explicit user consent and sandboxing.
Install Mechanism
There is no formal install spec, but SKILL.md instructs running 'npm install' which will fetch runtime dependencies from the public registry. The package.json is present in the bundle but its dependency list wasn't provided in the metadata. Running npm install at runtime can pull arbitrary packages; the mismatch in the expected path ('projects/clawdio/') vs actual layout increases risk of accidental execution of unexpected code.
Credentials
The skill requests no environment variables or credentials, which is coherent for a P2P library. However, it implicitly requires network access (opening ports), filesystem access to persist identity/peer data, and the ability to spawn processes for the sub-agent pattern. These capabilities are not declared in requires.* fields and should be considered sensitive in many environments.
Persistence & Privilege
The skill is not configured with always:true, but disableModelInvocation is not set, so the model may be allowed to invoke the skill autonomously. Given the skill can start listeners and persist keys, allowing autonomous invocation without explicit user controls increases risk; consider requiring explicit user invocation or disabling model invocation for network-listening skills.
What to consider before installing
This skill appears to implement P2P encrypted messaging, but review before installing:
1) Confirm file layout and build steps (SKILL.md references 'projects/clawdio/' but code is at repo root).
2) Inspect package.json dependencies to ensure no malicious npm packages will be pulled.
3) Run the code in a sandbox or isolated environment first, since it opens network ports, writes identity files, and may spawn subprocesses.
4) Avoid enabling 'autoAccept' in production; require human consent and verification.
5) If you do not want the model to start network listeners autonomously, set disableModelInvocation:true or restrict the skill to user-invocation only.
If possible, request the author to fix the path mismatch and provide an explicit install spec and a security review of the crypto usage.

Like a lobster shell, security has layers — review code before you run it.

License

MIT-0
Free to use, modify, and redistribute. No attribution required.