← Back to Skills Marketplace
875
Downloads
0
Stars
4
Active Installs
2
Versions
Install in OpenClaw
/install agentmesh
Description
Provides end-to-end encrypted, authenticated, and forward-secret messaging between AI agents with cryptographic identities and tamper-proof delivery.
README (SKILL.md)
AgentMesh SKILL.md
WhatsApp-style end-to-end encrypted messaging for AI agents. GitHub: https://github.com/cerbug45/AgentMesh | Author: cerbug45
What Is AgentMesh?
AgentMesh gives every AI agent a cryptographic identity and lets agents exchange messages that are:
| Property | Mechanism |
|---|---|
| Encrypted | AES-256-GCM authenticated encryption |
| Authenticated | Ed25519 digital signatures (per message) |
| Forward-secret | X25519 ECDH ephemeral session keys |
| Tamper-proof | AEAD authentication tag |
| Replay-proof | Nonce + counter deduplication |
| Private | The Hub (broker) never sees message contents |
No TLS certificates. No servers required for local use. One pip install.
Installation
Requirements
- Python 3.10 or newer
pip
Option 1 – Install from GitHub (recommended)
pip install git+https://github.com/cerbug45/AgentMesh.git
Option 2 – Clone and install locally
git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install .
Option 3 – Development install (editable, with tests)
git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest # run all tests
Verify installation
python -c "import agentmesh; print(agentmesh.__version__)"
# → 1.0.0
Quick Start (5 minutes)
from agentmesh import Agent, LocalHub
hub = LocalHub() # in-process broker
alice = Agent("alice", hub=hub) # keys generated automatically
bob = Agent("bob", hub=hub)
@bob.on_message
def handle(msg):
print(f"[{msg.recipient}] ← {msg.sender}: {msg.text}")
alice.send("bob", text="Hello, Bob! This is end-to-end encrypted.")
Output:
[bob] ← alice: Hello, Bob! This is end-to-end encrypted.
Core Concepts
Agent
An Agent is an AI agent with a cryptographic identity (two key pairs):
- Ed25519 identity key – signs every outgoing message
- X25519 exchange key – used for ECDH session establishment
from agentmesh import Agent, LocalHub
hub = LocalHub()
alice = Agent("alice", hub=hub)
# See the agent's fingerprint (share out-of-band to verify identity)
print(alice.fingerprint)
# → a1b2:c3d4:e5f6:g7h8:i9j0:k1l2:m3n4:o5p6
Hub
A Hub is the message router. It stores public key bundles (for discovery) and routes encrypted envelopes. It cannot decrypt messages.
| Hub | Use case |
|---|---|
LocalHub |
Single Python process (demos, tests, notebooks) |
NetworkHub |
Multi-process / multi-machine (production) |
Message
@bob.on_message
def handle(msg):
msg.sender # str – sender agent_id
msg.recipient # str – recipient agent_id
msg.text # str – shortcut for msg.payload["text"]
msg.type # str – shortcut for msg.payload["type"] (default: "message")
msg.payload # dict – full decrypted payload
msg.timestamp # int – milliseconds since epoch
Usage Guide
Sending messages with extra data
alice.send(
"bob",
text = "Run this task",
task_id = 42,
priority = "high",
data = {"key": "value"},
)
All keyword arguments beyond text are included in msg.payload.
Chaining handlers
# Handler as decorator
@alice.on_message
def handler_one(msg):
...
# Handler as lambda
alice.on_message(lambda msg: print(msg.text))
# Multiple handlers – all called in registration order
alice.on_message(log_handler)
alice.on_message(process_handler)
Persistent keys
Save keys to disk so an agent has the same identity across restarts:
alice = Agent("alice", hub=hub, keypair_path=".keys/alice.json")
- File is created on first run (new keys).
- File is loaded on subsequent runs (same keys = same fingerprint).
- Store this file securely – it contains the private key.
Peer discovery
# List all agents registered on the hub
peers = alice.list_peers() # → ["bob", "carol", "dave"]
# Check agent status
print(alice.status())
# {
# "agent_id": "alice",
# "fingerprint": "a1b2:…",
# "active_sessions": ["bob"],
# "known_peers": ["bob"],
# "handlers": 2
# }
Network Mode (multi-machine)
1. Start the hub server
On the broker machine (or in its own terminal):
# Option A – module
python -m agentmesh.hub_server --host 0.0.0.0 --port 7700
# Option B – entry-point (after pip install)
agentmesh-hub --host 0.0.0.0 --port 7700
2. Agents connect from anywhere
# Machine A
from agentmesh import Agent, NetworkHub
hub = NetworkHub(host="192.168.1.10", port=7700)
alice = Agent("alice", hub=hub)
# Machine B (different process / different computer)
from agentmesh import Agent, NetworkHub
hub = NetworkHub(host="192.168.1.10", port=7700)
bob = Agent("bob", hub=hub)
bob.on_message(lambda m: print(m.text))
alice.send("bob", text="Cross-machine encrypted message!")
Network hub architecture
┌──────────────────────────────────────────────────────┐
│ NetworkHubServer │
│ Stores public bundles. Routes encrypted envelopes. │
│ Cannot read message contents. │
└──────────────────────┬───────────────────────────────┘
│ TCP (newline-delimited JSON)
┌───────────┼───────────┐
│ │ │
Agent A Agent B Agent C
(encrypted) (encrypted) (encrypted)
Security Architecture
Cryptographic stack
┌─────────────────────────────────────────────────────┐
│ Application layer (dict payload) │
├─────────────────────────────────────────────────────┤
│ Ed25519 signature (sender authentication) │
├─────────────────────────────────────────────────────┤
│ AES-256-GCM (confidentiality + integrity) │
├─────────────────────────────────────────────────────┤
│ HKDF-SHA256 key derivation (directional keys) │
├─────────────────────────────────────────────────────┤
│ X25519 ECDH (shared secret / forward secrecy) │
└─────────────────────────────────────────────────────┘
Security properties
| Attack | Defence |
|---|---|
| Eavesdropping | AES-256-GCM encryption |
| Message tampering | AES-GCM authentication tag (AEAD) |
| Impersonation | Ed25519 signature on every message |
| Replay attack | Nonce + monotonic counter deduplication |
| Key compromise | X25519 ephemeral sessions (forward secrecy) |
| Hub compromise | Hub stores only public keys; cannot decrypt |
What the Hub can see
- ✅ Agent IDs (to route messages)
- ✅ Public key bundles (required for discovery)
- ✅ Metadata: sender, recipient, timestamp, message counter
- ❌ Message contents (always encrypted)
- ❌ Payload data (always encrypted)
Examples
| File | What it shows |
|---|---|
examples/01_simple_chat.py |
Two agents, basic send/receive |
examples/02_multi_agent.py |
Coordinator + 4 workers, task distribution |
examples/03_persistent_keys.py |
Keys saved to disk, identity survives restart |
examples/04_llm_agents.py |
LLM agents (OpenAI / any API) in a pipeline |
Run any example:
python examples/01_simple_chat.py
API Reference
Agent(agent_id, hub=None, keypair_path=None, log_level=WARNING)
| Method | Description |
|---|---|
send(recipient_id, text="", **kwargs) |
Send encrypted message |
send_payload(recipient_id, payload: dict) |
Low-level send |
on_message(handler) |
Register message handler (decorator or call) |
connect(peer_id) |
Pre-establish session (optional, auto-connects) |
connect_with_bundle(bundle) |
P2P: connect using public bundle directly |
list_peers() |
List all peer IDs on the hub |
status() |
Dict with agent state |
fingerprint |
Human-readable hex identity fingerprint |
public_bundle |
Dict with public keys (share with peers) |
LocalHub()
| Method | Description |
|---|---|
register(agent) |
Register an agent (called automatically) |
deliver(envelope) |
Route an encrypted envelope |
get_bundle(agent_id) |
Get a peer's public bundle |
list_agents() |
List all registered agent IDs |
message_count() |
Number of messages routed |
NetworkHub(host, port=7700)
Same interface as LocalHub, but communicates with a NetworkHubServer over TCP.
NetworkHubServer(host="0.0.0.0", port=7700)
| Method | Description |
|---|---|
start(block=True) |
Start listening (block=False for background thread) |
Low-level crypto (advanced)
from agentmesh.crypto import (
AgentKeyPair, # key generation, serialisation, fingerprint
CryptoSession, # encrypt / decrypt
perform_key_exchange,# X25519 ECDH → CryptoSession
seal, # sign + encrypt (high-level)
unseal, # decrypt + verify (high-level)
CryptoError, # raised on any crypto failure
)
Troubleshooting
CryptoError: Replay attack detected
You are sending the same encrypted envelope twice.
Each call to send() produces a fresh envelope – do not re-use envelopes.
CryptoError: Authentication tag mismatch
The envelope was modified in transit. Check that your transport does not corrupt binary data (use JSON-safe base64).
ValueError: Peer 'xxx' not found on hub
The recipient has not registered with the hub yet. Ensure both agents are created with the same hub instance (LocalHub) or connected to the same hub server (NetworkHub).
RuntimeError: No hub configured
You created Agent("name") without a hub.
Pass hub=LocalHub() or hub=NetworkHub(...) to the constructor.
Contributing
git clone https://github.com/cerbug45/AgentMesh.git
cd AgentMesh
pip install -e ".[dev]"
pytest -v
Issues and PRs welcome at https://github.com/cerbug45/AgentMesh/issues
License
MIT © cerbug45 – see LICENSE
Usage Guidance
This project appears to implement an end-to-end encrypted agent messaging system and the code matches the documentation, but there are important security caveats to consider before installing or running it:
- Registration is unauthenticated: the NetworkHubServer accepts REGISTER messages and stores whatever public bundle a client provides under the supplied agent_id. That means a malicious client can register as someone else (e.g., 'alice') and cause other agents to establish sessions to the attacker's keys — enabling impersonation and message interception. Do not run the NetworkHubServer on an untrusted or public network without adding authentication/authorization (e.g., challenge-response proof-of-possession, TLS client certs, API keys, or an authenticated admin control).
- Binding to 0.0.0.0 is dangerous on public machines. If you run the hub, restrict it to a private network or use firewall rules and TLS/transport-level authentication.
- Persistent private keys are written to disk when you use keypair_path. Store those files securely (correct filesystem permissions, encryption at rest) and never share them.
- The SKILL.md suggests installing from GitHub (a well-known host) but the registry metadata shows 'Source: unknown / Homepage: none' — verify the upstream repository origin and review its commits before pip-installing remote code.
- If you plan to use this in production, review and harden the hub: require authenticated registration (proof-of-possession of identity keys), add transport authentication and optional client authorization, and consider adding logging/monitoring and rate-limiting.
Given the unauthenticated registration behavior that directly contradicts the claimed 'no-impersonation' guarantee, treat the skill as suspicious until you or the package maintainer addresses hub authentication and documents deployment security recommendations.
Capability Analysis
Type: OpenClaw Skill
Name: agentmesh
Version: 0.1.1
The AgentMesh skill bundle implements an end-to-end encrypted messaging system for AI agents using strong cryptographic primitives. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts in the documentation or code. However, the `NetworkHubServer` in `src/agentmesh/hub.py` defaults to binding on `0.0.0.0` (all network interfaces) without explicit warnings about network exposure in the code comments or `SKILL.md` beyond general security properties. While common for server applications, this default could lead to unintended public exposure if deployed without proper firewalling, posing a misconfiguration vulnerability. This is a significant enough risk to classify as suspicious, rather than benign, due to the potential for unintended network access to the hub.
Capability Assessment
Purpose & Capability
The code implements an encrypted agent messaging system consistent with the README/SKILL.md; however the README claims 'Impersonation impossible' / per-message Ed25519 authentication, but the NetworkHubServer accepts REGISTER requests without authenticating the registering party. An attacker can register any agent_id with a public bundle they control and thereby cause other agents to derive sessions to the attacker's keys, enabling impersonation. This contradicts the stated security guarantees.
Instruction Scope
SKILL.md and examples instruct running a hub server (python -m agentmesh.hub_server --host 0.0.0.0) and using NetworkHub across machines. The runtime instructions do not mention any authentication or access controls for the hub server. The instructions and code together therefore permit starting an unauthenticated TCP broker bound to 0.0.0.0 that will accept registrations from arbitrary peers — broader scope than the SKILL.md's security claims imply.
Install Mechanism
Registry metadata lists 'No install spec (instruction-only)', yet the package includes full source files and SKILL.md recommends pip installing from GitHub (a well-known host). The recommended install URL (github.com/cerbug45/AgentMesh) is a common release host, but the registry's 'Source: unknown / Homepage: none' is inconsistent with the docs and should be verified before installing.
Credentials
The skill requests no environment variables, no credentials, and no special config paths. Example code mentions replacing a mock LLM call with a real API (requiring keys) but that is optional example code and not required by the package.
Persistence & Privilege
The skill does not request always: true and is user-invocable. Running the NetworkHubServer opens a TCP listener (default 7700, often bound to 0.0.0.0 in examples) — this is expected for a broker but is a privilege: if started on an exposed interface it can accept remote agent registrations and traffic. The package writes persistent key files if the user opts into keypair_path; users are warned in docs to store private keys securely.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agentmesh - After installation, invoke the skill by name or use
/agentmesh - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Major internal restructuring: migrated all core source files from the top level to src/agentmesh/.
- All example scripts moved from project root to examples/ directory.
- Test files relocated to tests/ directory.
- Updated packaging and references to support the new source layout.
- Deprecated legacy top-level Python files; all code organization now follows standard Python packaging conventions.
v0.1.0
AgentMesh 0.1.0
- Initial release of AgentMesh: end-to-end encrypted messaging for AI agents.
- Provides cryptographic agent identities and secure message exchange (AES-256-GCM, Ed25519, X25519).
- Supports both local (in-process) and network (multi-machine) hub/broker setups.
- Includes persistent key storage, flexible message handlers, and peer discovery.
- Easy installation via pip and comprehensive usage examples.
- Detailed security architecture and defense properties documented.
Metadata
Frequently Asked Questions
What is AgentMesh?
Provides end-to-end encrypted, authenticated, and forward-secret messaging between AI agents with cryptographic identities and tamper-proof delivery. It is an AI Agent Skill for Claude Code / OpenClaw, with 875 downloads so far.
How do I install AgentMesh?
Run "/install agentmesh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AgentMesh free?
Yes, AgentMesh is completely free (open-source). You can download, install and use it at no cost.
Which platforms does AgentMesh support?
AgentMesh is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created AgentMesh?
It is built and maintained by cerbug45 (@cerbug45); the current version is v0.1.1.
More Skills