← Back to Skills Marketplace
Clawdio
by
JamesEBall
· GitHub ↗
· v2.2.0
1353
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install clawdiocomms
Description
Transport-agnostic secure P2P communication for AI agents. Noise XX handshake, XChaCha20-Poly1305 encryption, connection consent, human verification. No WebSocket — works over Telegram, Signal, or any messaging transport.
README (SKILL.md)
Clawdio
Secure peer-to-peer communication for AI agents using Telegram as transport. Create a "Clawdio Hub" group, add your bot, and you're ready to connect with other agents securely. Agents perform Noise XX handshake over Telegram, then communicate via encrypted channels.
When to Use
- Secure agent-to-agent communication via Telegram
- Task delegation between agents on different machines
- Distributed AI workflows requiring encrypted P2P messaging
- Cross-platform agent coordination without port forwarding
Why Telegram
- ✅ Always online — No port forwarding, NAT, or server setup
- ✅ Reliable delivery — Messages queue when peers offline
- ✅ Universal access — Works from anywhere with internet
- ✅ Battle-tested — Handles billions of messages daily
- ✅ OpenClaw integration — Simple
messagetool for send/receive - ✅ Offline resilience — Messages delivered when peer comes back online
Quick Onboarding
First Time Setup (Your Agent)
- Install Clawdio:
clawhub install clawdiocomms - Create a Telegram group called "Clawdio Hub"
- Add your OpenClaw bot to the group
- Send your agent the group ID (or agent auto-detects it)
- Your agent generates your identity and you're ready
Connecting to a Peer
- Share your public key with your friend
- Your friend does the same setup on their end
- Your friend shares their public key + their Clawdio Hub group ID with you
- Your agent creates a topic/thread in your Clawdio Hub for this peer (e.g. "James \x3C> Alex")
- Connection request sent — friend's agent asks for consent
- Friend approves
- Noise XX handshake happens over Telegram messages in the dedicated topics
- You're connected — encrypted comms flowing
Human Verification (Optional but Recommended)
- Meet in person
- Both run: compare 6-word verification codes
- If they match, mark as human-verified
Technical Setup
cd projects/clawdio && npm install && npx tsc
Quick Start
const { Clawdio } = require('./projects/clawdio/dist/index.js');
// Create two nodes
const alice = await Clawdio.create({ autoAccept: true });
const bob = await Clawdio.create({ autoAccept: true });
// Wire transport (agents decide HOW to send)
alice.onSend((peerId, msg) => bob.receive(alice.publicKey, msg));
bob.onSend((peerId, msg) => alice.receive(bob.publicKey, msg));
// Connect (Noise XX handshake)
const aliceId = await bob.connect(alice.publicKey);
// Send messages
await bob.send(aliceId, { task: "What's the weather?" });
alice.onMessage((msg, from) => console.log(msg.task));
Using with Telegram (via OpenClaw)
const node = await Clawdio.create({ owner: 'James' });
// Send via Telegram
node.onSend((peerId, base64Message) => {
// Use OpenClaw's message tool to send to peer's Telegram
sendTelegramMessage(peerId, base64Message);
});
// When receiving a Telegram message from peer:
node.receive(peerId, base64EncodedMessage);
Connection Consent
Unknown inbound peers require explicit consent:
node.on('connectionRequest', (req) => {
console.log(`Peer: ${req.id}, Fingerprint: ${req.fingerprint}`);
node.acceptPeer(req.id); // or node.rejectPeer(req.id)
});
Human Verification
const code = node.getVerificationCode(peerId); // "torch lemon onyx prism jade index"
// Compare codes in person, then:
node.verifyPeer(peerId);
Persistent Identity
const node = await Clawdio.create({ identityPath: '.clawdio-identity.json' });
API Reference
| Method | Description |
|---|---|
Clawdio.create(opts) |
Create and initialize a node |
node.onSend(handler) |
Register send handler (transport layer) |
node.receive(from, b64) |
Feed incoming message from transport |
node.connect(peerId) |
Initiate Noise XX handshake |
node.send(peerId, msg) |
Send encrypted message |
node.onMessage(handler) |
Listen for decrypted messages |
node.acceptPeer(id) |
Accept pending connection |
node.rejectPeer(id) |
Reject pending connection |
node.getVerificationCode(id) |
Get 6-word verification code |
node.verifyPeer(id) |
Mark peer as human-verified |
node.getPeerTrust(id) |
Get trust level |
node.getFingerprint(id) |
Emoji fingerprint |
node.getPeerStatus(id) |
alive/stale/down |
node.stop() |
Shutdown |
Security Properties
- Forward secrecy (ephemeral X25519 keys)
- Mutual authentication (Noise XX)
- Replay protection (monotonic counters)
- XChaCha20-Poly1305 AEAD encryption
- Connection consent for inbound peers
- Human verification via 6-word codes
Dependencies
Single production dependency: libsodium-wrappers.
Usage Guidance
This package implements a plausible Noise+XChaCha20 P2P library, but the shipped artefacts include several red flags: a start script tailored to a single user's filesystem that spawns detached processes and embeds an external IP; WebSocket transport code while documentation says 'No WebSocket' and the 'ws' dependency is missing; packaging/version mismatches and a reference to a run.js that is not included. Do not run scripts/start.js or any included script unreviewed. If you want to use this skill: (1) ask the author for the canonical source/homepage and a release build (dist) that matches the registry version, (2) inspect run.js (which is not included) before running anything, (3) fix or remove hardcoded absolute paths and host/IPs, (4) run the code in a sandbox/container and avoid exposing private identity files to external hosts, (5) prefer building from source only after adding missing dependencies (or use a vetted package from a known origin). If you cannot verify the origin and contents, treat it as untrusted — the background-start behavior and hardcoded host/IP increase risk of unintended persistent network connections or data exposure.
Capability Analysis
Type: OpenClaw Skill
Name: clawdiocomms
Version: 2.2.0
The skill is classified as suspicious due to the use of `child_process.exec` in `scripts/start.js` to execute shell commands (`pgrep` and `node run.js`) and start a detached background process. While these actions are plausibly aligned with the stated purpose of running a persistent P2P communication node, they represent high-risk capabilities that could be exploited. The script also reads a local identity file and contains hardcoded paths and an IP address, which, while not directly malicious, indicate a specific and potentially less secure deployment context. No clear evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control was found.
Capability Assessment
Purpose & Capability
The SKILL.md emphasizes Telegram as the transport and says 'No WebSocket', yet the source includes a WebSocket Transport implementation (src/transport.ts) and WebSocket server/client code. package.json lists only libsodium-wrappers as a dependency but the code imports 'ws' (missing from package.json). The start script (scripts/start.js) builds a connection string that embeds a hardcoded public host/IP (115.85.17.196:3579) and uses an absolute user path (/Users/jamesball/...) — these are not consistent with a transport-agnostic, privacy-first Telegram-centric description. Packaging metadata also mismatches the registry metadata version (package.json v2.0.0 vs registry v2.2.0) and claims files/dist that are not present. These inconsistencies indicate the codebase is not cleanly aligned with the declared purpose.
Instruction Scope
SKILL.md runtime instructions describe creating a Telegram group and wiring the OpenClaw message tool; they do not instruct running scripts/start.js. However scripts/start.js is included and, if executed, reads a local identity file, runs shell commands (pgrep, 'node run.js') in a hardcoded directory, and returns a connection string pointing to an external IP. That behavior (reading from a user-specific path, starting a background process, exposing a connection string with an IP) is outside the documented onboarding flow and is not justified in the documentation. The code also persists identity to disk (identityPath) and will create directories — SKILL.md mentions persistent identity but does not warn about absolute paths or the background starter script.
Install Mechanism
There is no install spec (instruction-only), which reduces installer-supply-chain risk. However, code contains direct child_process usage (exec) and a start script that launches 'node run.js' detached in a hardcoded directory — running that script would execute arbitrary local code. No network download/install is defined, but executing included scripts or building/running the code will run code that performs process spawning and can start long-lived processes. Additionally, package.json declares 'files': ['dist'] and main 'dist/index.js' but the repo contains src only; running 'npm install' as-is may not produce the expected artifacts.
Credentials
The skill declares no required environment variables or credentials, which superficially fits a pure crypto library. But scripts/start.js hardcodes an absolute user workspace path and a remote host/IP. The library writes/reads identity files and secret keys to disk when identityPath is set — this is expected for persistent identity, but the provided start script expects a specific path (/Users/jamesball/...) and identity file name (.clawdio-identity). The skill therefore implicitly requires filesystem access to user-specific locations and will expose a connection string containing a host/IP. The presence of an owner string ('James') hardcoded in the start script is further evidence the script was authored for a single user's environment rather than general use.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). However included scripts can start a detached background Node process (exec('node run.js') with child.unref()) — if an agent or user runs the provided start script it will create a persistent process outside the agent's lifecycle. That behavior creates persistence on the host machine and should be treated cautiously. There is no evidence the skill attempts to modify other skills or global agent configuration, but the background-launch behavior increases the blast radius if the script is executed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawdiocomms - After installation, invoke the skill by name or use
/clawdiocomms - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.0
v2.2: Telegram onboarding flow with user-created Clawdio Hub group. Updated docs.
v2.0.0
v2: Transport-agnostic (Telegram, Signal, etc). Removed WebSocket dependency. Under 200 lines.
v1.0.0
Initial release: Noise XX handshake, P2P encrypted agent comms, connection consent, human verification, heartbeat liveness
Metadata
Frequently Asked Questions
What is Clawdio?
Transport-agnostic secure P2P communication for AI agents. Noise XX handshake, XChaCha20-Poly1305 encryption, connection consent, human verification. No WebSocket — works over Telegram, Signal, or any messaging transport. It is an AI Agent Skill for Claude Code / OpenClaw, with 1353 downloads so far.
How do I install Clawdio?
Run "/install clawdiocomms" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Clawdio free?
Yes, Clawdio is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Clawdio support?
Clawdio is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Clawdio?
It is built and maintained by JamesEBall (@jameseball); the current version is v2.2.0.
More Skills