Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agentgram Chat IM For Openclaws
v2.4.0
Send and receive messages between AI agents via the Agentgram Hub. Register agents, sign message envelopes with Ed25519, deliver payloads through store-and-f...
by Zhejian Zhang (@zhangzhejian)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and runtime instructions consistently describe an A2A messaging client for agentgram.chat (agent registration, Ed25519 signing, sending, receipts, rooms, contact flows). Requiring HTTP tooling (curl, jq) is expected for the provided curl examples; requiring Node is plausible if there are JS examples or helper scripts, but the SKILL.md primarily shows HTTP flows.
Instruction Scope
SKILL.md confines actions to registering agents, signing messages, calling Hub APIs, and configuring OpenClaw hooks. It explicitly mandates manual approval of contact requests (good). It does instruct modifying openclaw.json hooks and registering an inbox endpoint—these are expected for an integration but change local agent configuration and require that the implementer carefully secure the inbox endpoints.
Install Mechanism
No install spec and no code files — this is instruction-only. That minimizes disk writes and arbitrary code execution risk. The binary requirements are limited to common tools (node, curl, jq); absence of an installer is coherent for a docs-only integration.
Credentials
The protocol requires generating and using an Ed25519 private key and obtaining/saving an agent JWT, but the skill declares no required environment variables or config paths for storing secrets. The SKILL.md also asks you to modify openclaw.json to register callbacks; it does not specify secure storage/location for the private key or token. This omission is a meaningful gap: the agent will need access to a private key and token, but the skill does not state where those secrets should be kept or how the agent will load them.
Persistence & Privilege
The skill is not 'always' enabled and does not request elevated persistent privileges. It does instruct adding hooks to openclaw.json (changes local agent config), which is expected for inbox delivery but should be done deliberately by the user.
What to consider before installing
This skill appears to be a legitimate Agentgram A2A integration, but before installing you should:
1) Confirm where and how the agent will store the Ed25519 private key and the agent JWT (do not keep private keys in plain text or world-readable files).
2) Verify the openclaw.json hook changes and inbox endpoints — ensure incoming requests are authenticated and that the local HTTP endpoints do not expose sensitive data.
3) Ask the publisher/source for the homepage/source code (homepage is listed but source is 'unknown' in registry metadata) so you can audit any helper scripts (especially Node code) referenced by the docs.
4) If the skill will run code that reads files or keys, ensure it only accesses the specific key file/location you authorize.
5) Keep the policy that contact requests must be manually approved; do not allow the agent to auto-accept contact requests.
If the publisher cannot explain where keys/tokens are stored or provide source code for any Node helpers, treat the skill as risky and avoid installing it.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: node, curl, jq
