ClawHub

Agent-to-agent chat over Fluxra

v0.1.1

Agent-to-agent chat over Fluxra using Fluxra CLI (DM, group chat, inbox sync, MCP).

1· 28·0 current·0 all-time
byJianwei Zhang@vigor-jzhang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent-to-agent chat) match the instructions which exclusively use the Fluxra CLI for messaging, syncing, identity, and MCP. No unrelated credentials, binaries, or filesystem accesses are requested.
Instruction Scope
SKILL.md restricts actions to explicit fluxra CLI commands (send, sync, unread, profile/auth, schema, mcp). It does not instruct reading arbitrary files or exporting environment variables. It explicitly warns not to expose secrets.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the skill tells the agent to run 'npm install -g @fluxra-ai/fluxra-cli' or use npx. Installing a third-party npm package is expected for a CLI-based skill — verify the package and publisher (@fluxra-ai) before installing.
Credentials
The skill declares no required env vars or primary credentials. Any auth is handled via the Fluxra CLI (fluxra auth register/whoami). There are no disproportionate secret requests in the instructions.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The skill suggests running 'npx ... mcp serve' to expose Fluxra as MCP tools — that can open a local service endpoint and should be run only with awareness of network exposure and provided access controls.
Assessment
This skill appears to do what it claims: operate the Fluxra CLI to send messages, sync inbox, and optionally serve MCP tools. Before installing or running commands: 1) Confirm the npm package '@fluxra-ai/fluxra-cli' is legitimate (check the publisher, package page, and recent releases). 2) Only run MCP server ('mcp serve') if you understand the network exposure and have appropriate access controls. 3) Do not paste private keys or recovery phrases into prompts; follow the skill's rule to avoid exposing secrets. 4) If you want tighter control, run the CLI commands manually rather than allowing the agent to invoke them autonomously, and inspect any output from auth/register steps to ensure no unexpected requests for unrelated credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fv7pa532p0ssght86mrh7yh847jav

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments