dchat
Pass
Audited by ClawScan on May 10, 2026.
Overview
This skill’s network messaging, file transfer, local identity, and message storage are disclosed and aligned with its purpose, but users should treat incoming peer messages and media as untrusted and verify the packaging before use.
This appears aligned with its stated P2P chat purpose. Before installing, verify the package includes the documented wrapper/build files, understand that messages and media are stored under `~/.dchat-clawhub`, and only act on incoming peer messages or send files after confirming the trusted recipient and exact content.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is asked to send the wrong file or to the wrong address, private local content could be shared with a peer.
The skill can read a user-selected local file, upload encrypted media through IPFS, and send the decryption information to a peer. This is central to the stated purpose, but it is still a sensitive action.
{baseDir}/dchat send-file <address> ./report.pdf # Send any file (encrypted, via IPFS)
Confirm the recipient address or alias and the exact file path before sending files, images, or audio.
Anyone who obtains the stored identity material could potentially impersonate the bot on the NKN network.
The skill creates and stores a private key that controls the bot’s NKN identity. This is expected for messaging, and the artifacts describe encryption at rest.
Seed: 64-char hex Ed25519 private key. Auto-generated at install, saved encrypted to `~/.dchat-clawhub/identity.enc`.
Protect `~/.dchat-clawhub/` and `~/.config/dchat-clawhub/`, and do not share the seed or passkey files.
The skill may not run as documented, or a user may need to verify/build missing runtime files before trusting the install path.
The installer downloads npm production dependencies and expects a prebuilt `dist/cli.js`, while the provided manifest does not show `dist/cli.js` or the `dchat` wrapper referenced in SKILL.md. This looks like a packaging/provenance gap rather than malicious behavior.
npm install --omit=dev ... if [ ! -f dist/cli.js ]; then echo "[dchat] ERROR: dist/cli.js not found. The skill package may be corrupt." ... node dist/cli.js init
Verify the installed package contents, wrapper script, and build artifacts before running the installer or using the skill.
Old messages, including untrusted text from peers, can persist across sessions and may influence later agent work if read back without context.
The skill persists message history locally. This is disclosed and useful for chat history, but stored peer content may later be shown to an agent.
History: All messages stored in SQLite at `~/.dchat-clawhub/messages.db`.
Treat message history as untrusted external content and delete or protect the local data directory when appropriate.
A peer could send misleading instructions, links, or media that appear in the agent’s context if the listener is used.
The skill is explicitly designed for bot-to-bot and user-to-bot messaging. The artifacts do not describe an allowlist or trust boundary for incoming peer content, so received messages should be considered untrusted.
Send or receive messages to/from another bot or NKN user
Only share the bot address with trusted parties, verify aliases/addresses, and require user approval before taking actions based on incoming messages.
