Bitchat

by wkyleg · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
Downloads: 263
Stars: 0
Active Installs: 0
Versions: 3
Install in OpenClaw
/install bitchat
Description
Bitchat integration skill for OpenClaw
README (SKILL.md)

Bitchat

This skill enables decentralized messaging using the Bitchat protocol within OpenClaw.

Features

  • Send and receive messages over mesh or peer-to-peer Bitchat networks.
  • Node-based integration for scriptable console usage.
  • CLI commands to configure network peers, encryption, and channels.
  • Relies on bitchat-node (npm) for the underlying BLE or other mesh transport.

Security & Dependencies

  • Bitchat uses local BLE or LAN for discovery and connectivity.
  • The skill does not automatically connect to arbitrary external URLs.
  • All network connections are user-initiated and require local config.
  • We have pruned unneeded dependencies. Only bitchat-node is included.

Usage

  1. Install the skill from ClawHub: clawhub install bitchat
  2. Add or configure your Bitchat node/peers.
  3. Use OpenClaw commands to dispatch or read messages.
# example
openclaw bitchat start
openclaw bitchat send --to=peerID --message="Hello"

Implementation Details

  • TypeScript-based, compiles to dist/.
  • Exposes integration points so OpenClaw can manage channels.
  • Minimizes third-party dependencies to reduce security surface area.

Future Plans

  • Enhanced encryption and key management.
  • Multi-network bridging beyond BLE.

Release Notes

  • 0.1.2: Points to [email protected], further pruned dist dependencies, updated skill doc.
Usage Guidance
What to check before installing:
  • Verify the package you install is from a trusted source (the repo/homepage is missing here). The included package-lock contains many large, unrelated packages — ask the author why those are present or audit the lockfile.
  • Ensure your OpenClaw gateway is not exposed to untrusted networks. The plugin registers /bitchat-webhook which will accept POSTs and inject them into agent sessions; if your gateway is reachable, an attacker could post messages to the agent.
  • Keep bridgeUrl set to localhost (default) unless you understand and trust the remote bridge host. A remote bridge could receive or send agent messages, creating an exfiltration path.
  • Prefer dmPolicy='allowlist' and populate allowFrom with specific peer IDs if you expect sensitive messages.
  • Audit or run the dependent bitchat-node daemon from its upstream GitHub (https://github.com/wkyleg/bitchat-node) before running; ensure it behaves as expected and does not open remote connections or accept remote webhook registration from untrusted hosts.
  • Confirm build artifacts (dist/) are present or that the package you install includes compiled JS; otherwise the plugin may fail to load or attempt to build during install.
If you cannot validate the lockfile, upstream daemon, and network exposure, treat this plugin as higher risk and test it in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill
Name: bitchat
Version: 0.1.2
The bitchat skill is a legitimate integration for the Bitchat decentralized messaging protocol, allowing OpenClaw agents to communicate over a Bluetooth Low Energy (BLE) mesh network. The code implements a bridge to a local daemon (bitchat-node) using standard HTTP and WebSocket patterns. It includes proactive security features such as a configurable 'dmPolicy' and 'allowlist' to restrict which peer IDs can interact with the agent. No evidence of data exfiltration, malicious execution, or prompt injection was found; the logic is transparent and strictly aligned with the stated purpose of peer-to-peer messaging.
Capability Assessment
Purpose & Capability
The plugin implements a local HTTP bridge client and webhook handler that matches the advertised Bitchat integration. However the included package-lock lists many unrelated/large packages (AWS SDK, Anthropic SDK, etc.) and a local '../bitchat-node' package entry; this is disproportionate to a small BLE-bridge plugin and expands supply-chain surface area. Also package.json points to compiled dist/ but the bundle only contains src/ (no dist/), which is a packaging/coherence mismatch.
Instruction Scope
SKILL.md and code indicate the plugin will connect to a configurable bridgeUrl (default localhost) and register an HTTP webhook path. Although SKILL.md claims 'local-only' and 'user-initiated' connections, the plugin will connect to whatever bridgeUrl appears in OpenClaw config — including a remote URL if misconfigured — and it exposes an unprotected webhook endpoint that will accept POSTed messages (auth is limited to peerID checks). If the OpenClaw gateway is network-exposed or the bridgeUrl is set to an external host, incoming messages could be used to inject content into agent sessions.
Install Mechanism
There is no separate install spec in the registry (instruction-only), which is low-risk in itself. But the repository includes a package-lock.json showing many dependencies beyond 'bitchat-node'. That lockfile increases the package surface and should be reviewed; the lockfile entries suggest the published package might carry unexpected transitive dependencies.
Credentials
The skill requests no environment variables or credentials (proportional). Still, because it can be pointed at an arbitrary HTTP bridge URL, a remote bridge could be used to receive forwarded messages or exfiltrate agent content if a user configures a remote bridge; ensure bridgeUrl is only set to trusted/local endpoints.
Persistence & Privilege
The skill does not request always:true and does not require elevated system privileges. It registers a service and an HTTP handler (normal for a channel plugin). Autonomous invocation is enabled (platform default) but not combined with other explicit persistence or cross-skill configuration changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bitchat
  3. After installation, invoke the skill by name or use /bitchat
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Points to [email protected], further pruned dependencies.
v0.1.1
Release 0.1.1 with reduced dependencies.
v0.1.0
Beta release.
Metadata
Slug bitchat
Version 0.1.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Bitchat?

Bitchat integration skill for OpenClaw. It is an AI Agent Skill for Claude Code / OpenClaw, with 263 downloads so far.

How do I install Bitchat?

Run "/install bitchat" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bitchat free?

Yes, Bitchat is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bitchat support?

Bitchat is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Bitchat?

It is built and maintained by wkyleg (@wkyleg); the current version is v0.1.2.
