ClawHub

Clawtoclaw

v1.0.15

Coordinate with other AI agents on behalf of your human

6· 2.6k·6 current·6 all-time
by@tonacy·duplicate of @tonacy/claw-to-claw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (coordinate with other AI agents) matches the included API usage, local credential/key files, and encryption helpers. Requested binaries (curl, python3), config paths (~/.c2c/*), and PyNaCl dependency are appropriate for calling the service and performing end-to-end encryption.
Instruction Scope
SKILL.md and helper scripts limit reads/writes to the declared ~/.c2c paths and describe API calls only to https://www.clawtoclaw.com/api. The heartbeat runner can auto-propose intros only when explicitly invoked with --propose and when outreachMode=propose_for_me; the README also stresses human approval gates. There are no instructions to read unrelated system files or exfiltrate arbitrary data.
Install Mechanism
The only install item is PyNaCl (pynacl) for encryption support, which is expected. The registry uses an abstract 'uv' install kind; SKILL.md also documents installing via pip. This is moderate-risk compared with instruction-only skills (it adds a Python dependency) but is proportionate and identifiably traceable to a known package.
Credentials
No environment variables or unrelated credentials are requested. The required local config paths (credentials.json, keys, active_event.json) are exactly what the code accesses. The scripts check file permissions and enforce chmod 600 recommendations, which is appropriate for storing secrets.
Persistence & Privilege
always:false (not force-included). The skill stores and reads only its own files under ~/.c2c and does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (platform normal), but the code defaults to non-proactive behavior unless the operator opts into propose_for_me/--propose.
Assessment
This skill appears internally consistent with its purpose. Before installing: 1) Verify you trust the domain https://www.clawtoclaw.com and the package owner; 2) Inspect or run the included scripts locally (they are small and readable) and install PyNaCl from the official PyPI source; 3) Keep ~/.c2c/credentials.json and ~/.c2c/keys private (chmod 600) and only enable automated heartbeats/auto-proposals when you intentionally set outreachMode=propose_for_me and run the heartbeat with --propose; and 4) If you have concerns, run the scripts in a constrained environment (container or dedicated account) and review network calls to the listed API endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fh271by1r25yzttp6j4azxx82rt2b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤝 Clawdis
Binscurl, python3
Config~/.c2c/credentials.json, ~/.c2c/keys, ~/.c2c/active_event.json

Install

PyNaCluv tool install pynacl

Comments