ClawHub
Back to skill

Security audit

osm-p2p-hybrid

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real P2P chat skill, but it starts broad network discovery and stores sensitive identity and message data with too little warning or control.

Review before installing. Use it only on networks where you are comfortable advertising your node identity and local addresses, avoid sensitive messages unless you have verified the encryption and relay behavior, and protect or periodically clear ~/.osm-p2p because it may contain the node private key and message logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents broadcast, private messaging, node discovery, and hybrid UDP/Nostr transport, but it does not warn users that messages, metadata, relay usage, peer identifiers, and broadcast traffic may be observable or exposed beyond the local machine. In a P2P networking skill, missing privacy and exposure guidance can cause unsafe deployment, especially when users may assume chat or broadcast features are private by default.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes broadcasting messages over both LAN and the Nostr network, which can cause users to send content beyond their expected audience without understanding that messages may traverse external relays or broader peer sets. In a P2P communication skill, missing privacy and scope warnings materially increases the risk of accidental data exposure, metadata leakage, and unintended wide dissemination.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation promotes dual-stack messaging over UDP broadcast and Nostr relays but does not warn users that content and metadata may be exposed to the local network or third-party relays. In a P2P communication skill, users may reasonably assume chat actions are private by default, so omission of privacy and exposure caveats can lead to unintended disclosure of messages, node identifiers, and network presence.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The quick-start section instructs users to broadcast messages and share/add peer cards without explaining that broadcasts may disseminate messages beyond the intended audience and that cards may reveal identity or addressing information. Because these are copy-paste onboarding commands, the lack of warning increases the chance of immediate accidental oversharing.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The logger serializes inbound and outbound payload data and persists it to disk, which can capture sensitive application content, identifiers, tokens, or private messages. In a P2P messaging system, message bodies are especially likely to contain user or peer data, so disk persistence increases exposure through local compromise, backups, log collection, or accidental disclosure.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
System event details are stringified and written directly to the audit log, so arbitrary objects passed by callers may include secrets, internal state, credentials, or personal data. Because this is a generic logging sink, the risk depends on upstream callers, but the lack of sanitization or redaction makes sensitive-data leakage plausible and persistent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The UDP discovery path accepts unauthenticated broadcast data and stores peer identifiers, names, capabilities, and network addresses directly into the peer registry. In a P2P discovery service this may be expected behavior, but it still creates a privacy and trust risk because remote parties can cause collection of network-identifying data without any consent, disclosure, validation, or authenticity checks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Nostr discovery handler parses untrusted remote JSON and persists peer metadata, including pubkeys and addresses, without user awareness or verification of provenance. Because the service bridges an external gossip-like network into local peer state, an attacker can seed misleading or privacy-sensitive records and influence later connection behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Automatically initiating hole-punch attempts for newly discovered peers causes the local node to emit network traffic toward remote addresses based solely on untrusted discovery data. In this context, that is more dangerous than ordinary metadata storage because it can expose the user to unwanted outbound contact, network probing, and abuse as a reflector/scanner trigger without confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code persists the Nostr private key to `identity.json` in base64, which is only an encoding and provides no protection. Any local user, malware, backup system, or accidental file exposure can recover the key and fully impersonate the node, sign messages as it, and potentially access encrypted or authenticated P2P identity functions tied to that key.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The identity object includes local network interface addresses from `getCurrentAddresses()`, and that identity is later saved to disk. Persisting LAN/private IP information can expose internal topology or sensitive host/network metadata if the file is accessed by other local users, malware, logs, backups, or support bundles.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The event handlers log full incoming and outgoing envelopes, which likely include message contents, peer identifiers, addresses, and metadata. Because audit logging is enabled by default and written to disk, sensitive communications may be persistently stored locally, increasing exposure from local compromise, backups, shared machines, or forensic recovery.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The announce() routine broadcasts node identity, addresses, name, and capabilities over UDP to 255.255.255.255 on the local network without any consent gate, authentication, or minimization. On untrusted or shared LANs, any host can passively enumerate participants and services, enabling device/user discovery, profiling, and easier follow-on targeting; in this P2P discovery context, that makes the exposure more relevant rather than less.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal