Lobster Comm
v1.1.0Bot-to-Bot P2P communication over Tailscale using the LCP/1.1 UDP protocol. Enables AI agents on different machines to exchange signed, reliable messages in...
⭐ 1· 72·0 current·0 all-time
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The code and SKILL.md align: it implements a UDP-based P2P protocol over Tailscale, uses Ed25519 signing (PyNaCl listed), and provides IPC tools for send/check/ack/status. The declared prerequisites (Python, PyNaCl, Tailscale, UDP port) match the implemented behavior.
Instruction Scope
Instructions ask the user to edit lcp_node.py to set IPs, start the daemon, and optionally auto-start it. That's expected, but the runtime behavior includes an unauthenticated local IPC (Unix socket or TCP localhost) that accepts SEND/CHECK/ACK/STATUS commands and will sign and transmit arbitrary payloads on behalf of the node. The daemon stores keys and message files on disk and binds UDP to 0.0.0.0:9528 (not restricted to the Tailscale interface), which can expose the service if network/firewall rules are not strict.
Install Mechanism
There is no install script; the skill is instruction + code files. Dependencies are standard (PyNaCl) and users are asked to pip install it. No remote downloads or archive extraction are present in the manifest.
Credentials
The skill requests no environment variables or external credentials (good). However it generates and stores an Ed25519 seed/private-key file (keys/identity.pem) on first run with no encryption or explicit file-permission hardening. Local files (data/, keys/) and the IPC socket are created with default permissions — these are sensitive artifacts and require proper protection.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and uses standard daemon/autostart suggestions. Autostart is optional and left to the user. No unexpected platform-wide modifications are present in the provided files.
What to consider before installing
This skill appears to do what it claims (P2P messaging over UDP/Tailscale) but has local security weaknesses you should consider before installing on any machine you care about:
- Local IPC is unauthenticated: the daemon listens on a Unix socket (macOS/Linux) or localhost TCP (Windows) and accepts SEND commands which the daemon will sign and forward. Any local process or user that can connect to that socket can cause the node to sign and send arbitrary messages (effectively acting as the local agent). Run the daemon as a dedicated, low-privilege user and restrict access to the socket (filesystem permissions or localhost firewall rules).
- Private key stored unencrypted: the Ed25519 seed is written to keys/identity.pem with no explicit permission hardening. Make sure the key file is only readable by the dedicated user (chmod 600) and, if needed, store keys in a secure store rather than plaintext on disk.
- Network exposure: the daemon binds UDP to 0.0.0.0:9528. If host firewall or routing permits, that port could be reached from non-Tailscale networks. Prefer binding to the node's Tailscale interface IP (change binding target) or enforce firewall rules so only the Tailnet can reach the port.
- Impersonation nuance: IPC clients can include arbitrary payload fields (including 'from') — the daemon will sign the payload and transmit it. Message recipients relying solely on the 'from' field without mapping it to the sender's public key may be misled. Ensure peers validate the public key-to-identity mapping (TOFU or pre-shared pubkeys) and that you understand the trust model.
- File permissions and discovery: message inbox/outbox and seen_ids.json are stored on disk. Review and harden directory permissions and consider placing the skill in an isolated directory or container.
Recommended mitigations before use:
- Run in an isolated environment (container / VM) for initial testing.
- Create a dedicated user account for the daemon and set restrictive file permissions (umask, chmod 600 for key files, restrict data/ and keys/ directories).
- Restrict IPC access (filesystem ACLs or bind TCP to 127.0.0.1 and use OS-level firewall rules) and consider adding authentication to the IPC protocol.
- Change UDP bind to the specific Tailscale IP instead of 0.0.0.0 or add firewall rules limiting source addresses to the Tailnet.
- Review and, if necessary, harden the code: require IPC authentication, encrypt keys at rest, and make auto-start optional until you trust the deployment.
If you cannot apply these mitigations, treat the skill as potentially risky for production or multi-user hosts.Like a lobster shell, security has layers — review code before you run it.
latest
Lobster Comm 🦞 — LCP/1.1
Peer-to-peer messaging between AI agents on different machines via UDP over Tailscale.
Architecture
Agent A (Machine 1) Agent B (Machine 2)
┌──────────────────┐ ┌──────────────────┐
│ lcp_node.py │ UDP :9528 │ lcp_node.py │
│ (daemon) │ ◄────────────► │ (daemon) │
│ │ Ed25519 signed │ │
│ IPC: Unix sock │ ACK + Retry │ IPC: TCP :9529 │
└──────────────────┘ └──────────────────┘
▲ ▲
│ Local IPC │ Local IPC
lcp_send / lcp_check / lcp_ack (same commands)
Features
- UDP direct: Low-latency messaging over Tailscale (vs file-based transfers)
- Ed25519 signing: Every message cryptographically signed and verified
- Reliable delivery: Application-layer ACK + exponential backoff retry (5 attempts)
- Heartbeat: 30s keep-alive, 120s peer timeout detection
- Duplicate detection: Idempotent message receipt via seen-ID tracking
- Daemon model: Background service with local IPC for agent interaction
- Cross-platform: macOS (Unix socket IPC) + Windows (TCP localhost IPC)
Prerequisites
- Python 3.9+
- PyNaCl (
pip install pynacl) - Tailscale with both machines on the same Tailnet
- UDP port 9528 open between peers
Quick Start
1. Configure peer IPs
Edit scripts/lcp_node.py and set:
MY_NAME = "AgentA" # Your agent name
PEER_NAME = "AgentB" # Peer agent name
MY_IP = "100.x.x.x" # Your Tailscale IP
PEER_IP = "100.y.y.y" # Peer Tailscale IP
2. Start daemon
# macOS
python3 scripts/lcp_node.py
# Windows
python scripts/windows/lcp_node_win.py
3. Send & receive
# Send a message
python3 scripts/lcp_send.py "Hello from Agent A!"
python3 scripts/lcp_send.py --type task "Please process data X"
python3 scripts/lcp_send.py --type result --reply-to <msg-id> "Done!"
# Check inbox
python3 scripts/lcp_check.py --pretty
# Archive processed messages
python3 scripts/lcp_ack.py
# Check daemon status
python3 scripts/lcp_status.py
Message Protocol
JSON messages with structure:
{
"id": "uuid",
"from": "AgentA",
"to": "AgentB",
"timestamp": "ISO-8601",
"type": "chat|task|result|ping|pong",
"message": "content",
"replyTo": "optional-msg-id",
"security": {
"algo": "ed25519",
"pubkey": "<base64>",
"signature": "<base64>"
}
}
Wire Format (UDP)
[Magic 4B: "LCP1"][Seq 4B][Type 1B][JSON payload...]
Type: 0x01=DATA, 0x02=ACK, 0x03=HEARTBEAT
Auto-start (macOS)
Create a LaunchAgent plist pointing to lcp_node.py with RunAtLoad=true and KeepAlive for crash recovery.
Auto-start (Windows)
Use Task Scheduler or nssm to run lcp_node_win.py as a service.
Data Directories
data/inbox/— incoming messages (pending)data/inbox_archive/— processed messagesdata/outbox/— sent message copiesdata/seen_ids.json— duplicate detection state
Configuration Reference
| Parameter | Default | Description |
|---|---|---|
| LCP_PORT | 9528 | UDP port for peer communication |
| IPC_SOCKET | /tmp/lcp.sock | Unix socket for local IPC (macOS) |
| IPC_PORT | 9529 | TCP port for local IPC (Windows) |
| MAX_RETRIES | 5 | ACK retry attempts |
| HEARTBEAT_INTERVAL_S | 30 | Seconds between heartbeats |
| PEER_TIMEOUT_S | 120 | Seconds before marking peer offline |
Extending
For multi-peer support, run multiple daemon instances on different ports or extend lcp_node.py with a peer registry. See references/protocol-spec.md for the full LCP/1.1 specification.
Comments
Loading comments...