Pywayne Cross Comm

v0.1.0

WebSocket-based cross-language communication service with support for multiple message types (text, JSON, dict, bytes, images, files, folders) and client man...

⭐ 0· 613·0 current·0 all-time

by@wangyendt

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wangyendt/cross-comm.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Pywayne Cross Comm" (wangyendt/cross-comm) from ClawHub.
Skill page: https://clawhub.ai/wangyendt/cross-comm
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install wangyendt/cross-comm

ClawHub CLI

Package manager switcher

npx clawhub@latest install cross-comm

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The SKILL.md describes a WebSocket cross-language comms service with file uploads to Aliyun OSS — that purpose is internally coherent with the features described (message types, server/client roles, OSS uploads). However the package referenced (pywayne.cross_comm) is assumed present but not provided or installed by the skill bundle, and the registry metadata lists no required env vars or credentials even though OSS credentials are required for file transfers.

Instruction Scope

The runtime instructions explicitly require setting OSS credentials and show examples that send local filesystem paths (files, images, folders) which the library will upload to OSS. While this matches a file-transfer feature, it also creates a clear exfiltration vector: any client/server using this could upload arbitrary local files to a remote OSS bucket. The SKILL.md also recommends listening on 0.0.0.0 (all interfaces), which expands network exposure. The instructions do not include any guidance on access controls, permission scoping, or safe defaults.

✓

Install Mechanism

This skill is instruction-only with no install spec or bundled code files, so it does not itself write code to disk or download artifacts during installation. That reduces immediate supply-chain risk, but it also assumes external Python packages (pywayne.cross_comm and possibly pywayne-aliyun-oss) exist in the runtime — their provenance is not provided.

Credentials

The SKILL.md requires sensitive Aliyun OSS environment variables (OSS_ACCESS_KEY_ID, OSS_ACCESS_KEY_SECRET, OSS_BUCKET_NAME, OSS_ENDPOINT) for file/image/folder transfer, but the registry metadata lists no required env vars or primary credential. Requiring long-lived cloud credentials is proportionate for OSS uploads, but the omission from metadata reduces transparency. No guidance is provided about least-privilege credentials (e.g., scoped upload-only keys) or rotating/limiting access.

✓

Persistence & Privilege

The skill does not request persistent presence (always:false), does not declare modifications to other skill configs, and has no install-time scripts. Autonomous model invocation is enabled by default on the platform (disable-model-invocation:false), which is normal — but combined with the ability to upload files, this increases the potential blast radius if the agent is given the OSS creds.

What to consider before installing

This skill's instructions require Aliyun OSS credentials and allow uploading local files to a remote bucket; however the registry entry doesn't declare those environment variables or provide the package source. Before installing or using it: 1) Confirm the origin of the pywayne.cross_comm and any pywayne-aliyun-oss packages (PyPI/GitHub release or other verifiable source) and review their code; 2) Do not supply high-privilege long-lived OSS keys — create scoped, upload-only keys and a dedicated bucket with least privilege; 3) Run the code in an isolated environment or sandbox if you must test it, and avoid running a server on 0.0.0.0 unless you understand the network exposure; 4) Consider requiring manual agent invocation (disable autonomous skill invocation) if you are concerned about accidental or automated file exfiltration; 5) If you expect this skill to be authoritative, ask the publisher to update the registry metadata to list the required env vars and document credential scoping — the current mismatch is a transparency problem. If you cannot verify the package source and the need for OSS uploads, treat this skill as risky.

Like a lobster shell, security has layers — review code before you run it.

latestvk97191gjhkhtv3kh2de5f0vj2h817r9r

613downloads

0stars

1versions

Updated 22h ago

v0.1.0

MIT-0

Pywayne Cross Comm

pywayne.cross_comm.CrossCommService provides WebSocket-based real-time communication between Python and other languages, with built-in file transfer via Aliyun OSS.

Prerequisites

OSS Configuration (required for file/image/folder transfer):

File transfers use Aliyun OSS. Set these environment variables:

# .env file
OSS_ENDPOINT=your-oss-endpoint
OSS_BUCKET_NAME=your-bucket-name
OSS_ACCESS_KEY_ID=your-access-key
OSS_ACCESS_KEY_SECRET=your-access-secret

For more OSS details, see pywayne-aliyun-oss skill.

Quick Start

import asyncio
from pywayne.cross_comm import CrossCommService, CommMsgType

# Server
server = CrossCommService(role='server', ip='0.0.0.0', port=9898)
await server.start_server()

# Client
client = CrossCommService(role='client', ip='localhost', port=9898, client_id='my_client')
await client.login()

Server

Initialize server

server = CrossCommService(
    role='server',
    ip='0.0.0.0',        # Listen on all interfaces
    port=9898,
    heartbeat_interval=30,     # Seconds between heartbeats
    heartbeat_timeout=60       # Seconds before marking offline
)

Register message listeners

@server.message_listener(msg_type=CommMsgType.TEXT)
async def handle_text(message):
    print(f"From {message.from_client_id}: {message.content}")

@server.message_listener(msg_type=CommMsgType.FILE, download_directory="./downloads")
async def handle_file(message):
    print(f"File downloaded: {message.content}")

Start server

await server.start_server()  # Blocks until server stops

Get online clients

online_clients = server.get_online_clients()  # Returns list of client IDs

Client

Initialize client

client = CrossCommService(
    role='client',
    ip='localhost',           # Server address
    port=9898,
    client_id='my_client',    # Optional: auto-generated if omitted
    heartbeat_interval=30,
    heartbeat_timeout=60
)

Login and logout

success = await client.login()
if success:
    print("Connected!")
    # ... communicate ...
    await client.logout()

Send messages

# Broadcast to all
await client.send_message("Hello!", CommMsgType.TEXT)

# Send to specific client
await client.send_message("Private", CommMsgType.TEXT, to_client_id='target_id')

# JSON message
await client.send_message('{"key": "value"}', CommMsgType.JSON)

# Dict message
await client.send_message({"type": "data", "value": 123}, CommMsgType.DICT)

# Bytes (auto base64 encoded)
await client.send_message(b"binary", CommMsgType.BYTES)

# File (auto uploads to OSS)
await client.send_message("/path/to/file.txt", CommMsgType.FILE)

# Image (auto uploads to OSS)
await client.send_message("/path/to/image.jpg", CommMsgType.IMAGE)

# Folder (auto uploads to OSS)
await client.send_message("/path/to/folder", CommMsgType.FOLDER)

Get client list

# All clients (online + offline)
all_clients = await client.list_clients(only_show_online=False)
# Returns: {'clients': [...], 'total_count': N, 'only_show_online': False}

# Online only
online = await client.list_clients(only_show_online=True)

Message Types

CommMsgType enum (use these, not strings):

Type	Description
`CommMsgType.TEXT`	Plain text
`CommMsgType.JSON`	JSON string
`CommMsgType.DICT`	Python dict
`CommMsgType.BYTES`	Binary data
`CommMsgType.IMAGE`	Image file
`CommMsgType.FILE`	Regular file
`CommMsgType.FOLDER`	Folder

Internal types (auto-handled): HEARTBEAT, LOGIN, LOGOUT, LIST_CLIENTS, LIST_CLIENTS_RESPONSE, LOGIN_RESPONSE

Message Listener Decorator

# Listen to specific type
@service.message_listener(msg_type=CommMsgType.TEXT)
async def handler(message):
    pass

# Listen from specific sender
@service.message_listener(msg_type=CommMsgType.FILE, from_client_id='specific_client')
async def handler(message):
    pass

# Listen to all types
@service.message_listener()
async def handler(message):
    pass

Note: Listeners automatically filter out messages sent by yourself.

File Download Control

File downloads are controlled via the listener's download_directory parameter:

# Auto-download files to ./downloads
@client.message_listener(msg_type=CommMsgType.FILE, download_directory="./downloads")
async def handle_file(message):
    # message.content contains downloaded file path
    print(f"Downloaded: {message.content}")

# No auto-download - saves bandwidth
@client.message_listener(msg_type=CommMsgType.FILE, from_client_id='low_priority')
async def handle_file(message):
    # message.content contains OSS key, not downloaded
    print(f"File available: {message.oss_key}")
    # Optionally: client.download_file_manually(message.oss_key, "./manual_downloads/")

Manual download

success = client.download_file_manually(
    oss_key="cross_comm/sender_id/123456_file.txt",
    save_directory="./downloads"
)

Message Object

@dataclass
class Message:
    msg_id: str                    # Unique message ID
    from_client_id: str            # Sender ID
    to_client_id: str              # 'all' or specific client ID
    msg_type: CommMsgType           # Message type enum
    content: Any                   # Message content
    timestamp: float                # Unix timestamp
    oss_key: Optional[str]         # OSS key for file transfers

    def to_dict(self) -> Dict:      # Convert to dict
    @classmethod
    def from_dict(cls, data) -> 'Message':  # Create from dict

Client ID Generation

If client_id is not specified, it's auto-generated using MAC address + UUID:

Format: {mac_address}_{uuid_suffix}
Example: a1b2c3d4e5f6_abc12345

Command Line

# Run server
python -m pywayne.cross_comm server

# Run client
python -m pywayne.cross_comm client

Important Notes

File transfer: Requires OSS environment variables; files auto-upload on send
Async required: All operations are async; use asyncio.run() or await in async context
Heartbeat: Auto-managed; adjust intervals for network conditions
Message filtering: Use download_directory to control auto-downloads and save bandwidth
State persistence: Server saves client status to cross_comm_clients.yaml
Role-specific methods: Server has start_server(), get_online_clients(); client has login(), logout(), send_message(), list_clients()

Comments

Loading comments...