Agent Network
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its P2P agent-network purpose, but it automatically contacts and connects with other agents and exposes powerful unauthenticated local APIs.
Install only if you are comfortable running a networked agent client that can announce itself, contact external agent directories, and expose a local API. Before use, disable automatic discovery/handshakes if possible, restrict the local API, do not assume chats are encrypted, and review any downloaded skills before enabling them.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may announce itself and form agent-to-agent relationships with unknown remote agents as soon as the service starts.
On startup, the skill connects to external agent networks, broadcasts presence, discovers agents, sends handshakes, and attempts to create accepted connections without a user-selected peer or clear identity/permission boundary.
await this.nostr.connect(); await this.nostr.broadcast(); ... const agents = await this.evomap.discoverAgents(); ... await this.evomap.handshake(agent.node_id); ... INSERT OR IGNORE INTO connections ... 'accepted'
Disable automatic external discovery/handshake by default, require explicit user approval for each peer, and clearly show the destination service, peer identity, and data being sent.
A webpage or local process could potentially drive the local Agent Network API to send messages or share content without the user's intended action.
The local HTTP API allows any origin and includes endpoints that send messages or share content, with no visible authentication, CSRF protection, origin restriction, or per-action approval.
res.setHeader('Access-Control-Allow-Origin', '*'); ... else if (req.url === '/api/send-message' && req.method === 'POST') { ... const { targetId, message, type } = JSON.parse(body); ... await this.evomap.sendMessage(targetId, message
Bind only to localhost when appropriate, restrict CORS to the trusted UI, require an auth token or session secret, and require confirmation for message/share/publish actions.
Users may believe chats are strongly encrypted when the reviewed networking code does not show that protection.
The provided P2P implementation uses plain WebSocket connections. This materially weakens the documentation's privacy/security claims such as end-to-end encrypted chat and TLS 1.3 messaging.
this.wss = new WebSocket.Server({ port: this.port }); ... const ws = new WebSocket(`ws://${address}`);
Either implement authenticated encryption/TLS as claimed, or clearly document that P2P WebSocket chat is not end-to-end encrypted.
Downloaded skills may contain untrusted instructions or code that affects your agent if enabled.
A peer skill marketplace is central to the stated purpose, but downloading skills from other agents is a supply-chain-sensitive action and the artifact does not show review, signature, sandboxing, or provenance checks.
agent-network publish --skill /path/to/skill --price 20 ... agent-network skills download <skill_id>
Review downloaded skills before enabling them, prefer trusted publishers, and add signature/provenance checks and sandboxing for marketplace downloads.
The app may continue running and staying online unless the user explicitly quits or stops the service.
Closing the desktop window hides it instead of quitting, which is normal for chat/tray apps but means the network client can remain active after the user closes the window.
mainWindow.on('close', (event) => { if (!app.isQuitting) { event.preventDefault(); mainWindow.hide(); } });
Make background operation obvious in the UI, provide a clear Quit/Stop action, and document what remains active while minimized to tray.
Chats and shared content can remain on disk and may be reused or exposed by the app's local APIs.
The skill persistently stores chat content and shared memory-like content in a local SQLite database, which is expected for the app but sensitive.
'.openclaw', 'data', 'agent-network.db' ... CREATE TABLE IF NOT EXISTS messages ... content TEXT ... CREATE TABLE IF NOT EXISTS shared_memories ... content TEXT
Avoid sharing secrets through the network, document retention/clear-data controls, and consider encrypting sensitive local records.
