Description

Bot-to-Bot P2P communication over Tailscale using the LCP/1.1 UDP protocol. Enables AI agents on different machines to exchange signed, reliable messages in...

README (SKILL.md)

Lobster Comm 🦞 — LCP/1.1

Name: Lobster Comm
Author: jeffchang2024

Peer-to-peer messaging between AI agents on different machines via UDP over Tailscale.

Architecture

Agent A (Machine 1)                 Agent B (Machine 2)
┌──────────────────┐                ┌──────────────────┐
│  lcp_node.py     │  UDP :9528     │  lcp_node.py     │
│  (daemon)        │ ◄────────────► │  (daemon)        │
│                  │  Ed25519 signed │                  │
│  IPC: Unix sock  │  ACK + Retry   │  IPC: TCP :9529  │
└──────────────────┘                └──────────────────┘
     ▲                                    ▲
     │ Local IPC                          │ Local IPC
  lcp_send / lcp_check / lcp_ack      (same commands)

Features

UDP direct: Low-latency messaging over Tailscale (vs file-based transfers)
Ed25519 signing: Every message cryptographically signed and verified
Reliable delivery: Application-layer ACK + exponential backoff retry (5 attempts)
Heartbeat: 30s keep-alive, 120s peer timeout detection
Duplicate detection: Idempotent message receipt via seen-ID tracking
Daemon model: Background service with local IPC for agent interaction
Cross-platform: macOS (Unix socket IPC) + Windows (TCP localhost IPC)

Prerequisites

Python 3.9+
PyNaCl (pip install pynacl)
Tailscale with both machines on the same Tailnet
UDP port 9528 open between peers

Quick Start

1. Configure peer IPs

Edit scripts/lcp_node.py and set:

MY_NAME = "AgentA"        # Your agent name
PEER_NAME = "AgentB"      # Peer agent name
MY_IP = "100.x.x.x"      # Your Tailscale IP
PEER_IP = "100.y.y.y"     # Peer Tailscale IP

2. Start daemon

# macOS
python3 scripts/lcp_node.py

# Windows
python scripts/windows/lcp_node_win.py

3. Send & receive

# Send a message
python3 scripts/lcp_send.py "Hello from Agent A!"
python3 scripts/lcp_send.py --type task "Please process data X"
python3 scripts/lcp_send.py --type result --reply-to \x3Cmsg-id> "Done!"

# Check inbox
python3 scripts/lcp_check.py --pretty

# Archive processed messages
python3 scripts/lcp_ack.py

# Check daemon status
python3 scripts/lcp_status.py

Message Protocol

JSON messages with structure:

{
  "id": "uuid",
  "from": "AgentA",
  "to": "AgentB",
  "timestamp": "ISO-8601",
  "type": "chat|task|result|ping|pong",
  "message": "content",
  "replyTo": "optional-msg-id",
  "security": {
    "algo": "ed25519",
    "pubkey": "\x3Cbase64>",
    "signature": "\x3Cbase64>"
  }
}

Wire Format (UDP)

[Magic 4B: "LCP1"][Seq 4B][Type 1B][JSON payload...]
Type: 0x01=DATA, 0x02=ACK, 0x03=HEARTBEAT

Auto-start (macOS)

Create a LaunchAgent plist pointing to lcp_node.py with RunAtLoad=true and KeepAlive for crash recovery.

Auto-start (Windows)

Use Task Scheduler or nssm to run lcp_node_win.py as a service.

Data Directories

data/inbox/ — incoming messages (pending)
data/inbox_archive/ — processed messages
data/outbox/ — sent message copies
data/seen_ids.json — duplicate detection state

Configuration Reference

Parameter	Default	Description
LCP_PORT	9528	UDP port for peer communication
IPC_SOCKET	/tmp/lcp.sock	Unix socket for local IPC (macOS)
IPC_PORT	9529	TCP port for local IPC (Windows)
MAX_RETRIES	5	ACK retry attempts
HEARTBEAT_INTERVAL_S	30	Seconds between heartbeats
PEER_TIMEOUT_S	120	Seconds before marking peer offline

Extending

For multi-peer support, run multiple daemon instances on different ports or extend lcp_node.py with a peer registry. See references/protocol-spec.md for the full LCP/1.1 specification.

Usage Guidance

This skill appears to do what it claims (P2P messaging over UDP/Tailscale) but has local security weaknesses you should consider before installing on any machine you care about: - Local IPC is unauthenticated: the daemon listens on a Unix socket (macOS/Linux) or localhost TCP (Windows) and accepts SEND commands which the daemon will sign and forward. Any local process or user that can connect to that socket can cause the node to sign and send arbitrary messages (effectively acting as the local agent). Run the daemon as a dedicated, low-privilege user and restrict access to the socket (filesystem permissions or localhost firewall rules). - Private key stored unencrypted: the Ed25519 seed is written to keys/identity.pem with no explicit permission hardening. Make sure the key file is only readable by the dedicated user (chmod 600) and, if needed, store keys in a secure store rather than plaintext on disk. - Network exposure: the daemon binds UDP to 0.0.0.0:9528. If host firewall or routing permits, that port could be reached from non-Tailscale networks. Prefer binding to the node's Tailscale interface IP (change binding target) or enforce firewall rules so only the Tailnet can reach the port. - Impersonation nuance: IPC clients can include arbitrary payload fields (including 'from') — the daemon will sign the payload and transmit it. Message recipients relying solely on the 'from' field without mapping it to the sender's public key may be misled. Ensure peers validate the public key-to-identity mapping (TOFU or pre-shared pubkeys) and that you understand the trust model. - File permissions and discovery: message inbox/outbox and seen_ids.json are stored on disk. Review and harden directory permissions and consider placing the skill in an isolated directory or container. Recommended mitigations before use: - Run in an isolated environment (container / VM) for initial testing. - Create a dedicated user account for the daemon and set restrictive file permissions (umask, chmod 600 for key files, restrict data/ and keys/ directories). - Restrict IPC access (filesystem ACLs or bind TCP to 127.0.0.1 and use OS-level firewall rules) and consider adding authentication to the IPC protocol. - Change UDP bind to the specific Tailscale IP instead of 0.0.0.0 or add firewall rules limiting source addresses to the Tailnet. - Review and, if necessary, harden the code: require IPC authentication, encrypt keys at rest, and make auto-start optional until you trust the deployment. If you cannot apply these mitigations, treat the skill as potentially risky for production or multi-user hosts.

Capability Analysis

Type: OpenClaw Skill Name: lobster-comm Version: 1.1.0 The lobster-comm skill bundle implements a legitimate peer-to-peer communication protocol (LCP/1.1) designed for AI agents to exchange messages over a Tailscale network. The implementation includes a background daemon (lcp_node.py) that handles UDP communication, Ed25519 cryptographic signing for message integrity (lcp_crypto.py), and a local IPC interface (Unix sockets on macOS/Linux, TCP on Windows) for agent interaction. The code follows good security practices, such as restricting IPC socket permissions to the owner (0o600) and binding the Windows IPC server to localhost only. There is no evidence of data exfiltration, malicious execution, or prompt injection; the network and file system capabilities are strictly aligned with the stated purpose of inter-agent messaging.

Capability Assessment

✓ Purpose & Capability

The code and SKILL.md align: it implements a UDP-based P2P protocol over Tailscale, uses Ed25519 signing (PyNaCl listed), and provides IPC tools for send/check/ack/status. The declared prerequisites (Python, PyNaCl, Tailscale, UDP port) match the implemented behavior.

⚠ Instruction Scope

Instructions ask the user to edit lcp_node.py to set IPs, start the daemon, and optionally auto-start it. That's expected, but the runtime behavior includes an unauthenticated local IPC (Unix socket or TCP localhost) that accepts SEND/CHECK/ACK/STATUS commands and will sign and transmit arbitrary payloads on behalf of the node. The daemon stores keys and message files on disk and binds UDP to 0.0.0.0:9528 (not restricted to the Tailscale interface), which can expose the service if network/firewall rules are not strict.

✓ Install Mechanism

There is no install script; the skill is instruction + code files. Dependencies are standard (PyNaCl) and users are asked to pip install it. No remote downloads or archive extraction are present in the manifest.

ℹ Credentials

The skill requests no environment variables or external credentials (good). However it generates and stores an Ed25519 seed/private-key file (keys/identity.pem) on first run with no encryption or explicit file-permission hardening. Local files (data/, keys/) and the IPC socket are created with default permissions — these are sensitive artifacts and require proper protection.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and uses standard daemon/autostart suggestions. Autostart is optional and left to the user. No unexpected platform-wide modifications are present in the provided files.

Version History

v1.1.0

LCP/1.1 UDP P2P protocol: Ed25519 signing, reliable ACK delivery, heartbeat, cross-platform

Metadata

Slug lobster-comm

Version 1.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Lobster Comm?

Bot-to-Bot P2P communication over Tailscale using the LCP/1.1 UDP protocol. Enables AI agents on different machines to exchange signed, reliable messages in... It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.

How do I install Lobster Comm?

Run "/install lobster-comm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Lobster Comm free?

Yes, Lobster Comm is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Lobster Comm support?

Lobster Comm is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Lobster Comm?

It is built and maintained by JeffChang2024 (@jeffchang2024); the current version is v1.1.0.

More Skills

Lobster Comm