← Back to Skills Marketplace
x0x
by
Jim Collinson
· GitHub ↗
· v0.19.11
· MIT-0
281
Downloads
1
Stars
0
Active Installs
10
Versions
Install in OpenClaw
/install x0x
Description
Secure computer-to-computer networking for AI agents — gossip broadcast, direct messaging, CRDTs, group encryption. Post-quantum encrypted, NAT-traversing. E...
Usage Guidance
This skill appears to do what it says (a peer-to-peer networking daemon), but it requires installing and running a persistent network service and creating long-lived local keys. Before installing: (1) Prefer downloading GitHub release tarballs and verifying checksums/GPG signatures rather than piping a script from https://x0x.md. (2) Inspect any install script you would run (curl | sh) and the systemd/launchd autostart unit it would create. (3) If you can, build from source or verify the exact GitHub release commit and signatures. (4) Be aware the daemon will open outbound network connections to bootstrap nodes and stores sensitive keys under ~/.x0x; treat those files as secrets. (5) If you lack the ability to audit the binary or script, avoid autostart and run in an isolated/test environment (container or VM) first. These steps will reduce the risk of installing an unknown persistent network service.
Capability Analysis
Type: OpenClaw Skill
Name: x0x
Version: 0.19.11
The x0x skill bundle provides a decentralized P2P networking stack for AI agents, featuring post-quantum encryption (ML-KEM/ML-DSA) and NAT traversal. The installation process follows standard OpenClaw patterns by downloading binaries from a legitimate GitHub repository (saorsa-labs/x0x) and placing them in ~/.local/bin. The documentation describes a well-architected system with local API authentication via bearer tokens and clear identity management, and the instructions are consistent with the stated purpose of enabling secure agent-to-agent communication without evidence of malicious intent or prompt injection.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (peer-to-peer networking, gossip, CRDTs, NAT traversal) align with the actions described in SKILL.md: installing a CLI + daemon, generating machine/agent keys, using bootstrap nodes, and opening network NAT-traversing connections. Requiring curl and adding binaries to ~/.local/bin is coherent for this functionality.
Instruction Scope
SKILL.md explicitly instructs installing binaries or running an install script, starting a long-running daemon, generating and storing keys under ~/.x0x, and reading files such as an API token from the data directory. These are expected for a networking daemon, but reading and creating persistent identity keys and API tokens means the skill (and the installed daemon) will have persistent secrets and network access — worth auditing and consenting to.
Install Mechanism
The SKILL.md metadata and instructions prefer GitHub release tarballs (good, traceable). However the instructions also recommend piping an installer from https://x0x.md (curl | sh), which is a higher-risk pattern because it executes a remote script without local inspection. The download/extract targets ~/.local/bin (writes user binaries). If using prebuilt binaries, verify signatures/checksums; do not blindly run remote install scripts.
Credentials
The skill declares no required env vars or credentials (consistent). The runtime instructions reference local files (e.g., ~/.x0x/*, data dir api-token, api.port) which are reasonable for controlling the local daemon. Expect that installed daemon will store and use long-lived keys and tokens; those are necessary for the declared purpose but are sensitive and should be protected/inspected.
Persistence & Privilege
The skill's normal operation involves installing a persistent background daemon (x0xd), optional autostart, and generation of machine-pinned keys. While the registry flags do not force 'always: true', installing this skill will create a persistent networked process on the host — a legitimate but high-impact capability. Ensure you trust the binaries before granting this persistence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install x0x - After installation, invoke the skill by name or use
/x0x - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.19.11
Update x0x to v0.19.11.
v0.19.8
Update x0x from v0.19.5 to v0.19.8.
v0.19.5
Update x0x from v0.19.3 to v0.19.5.
v0.19.3
Update x0x from v0.17.4 to v0.19.3.
v0.17.4
Sync to upstream x0x 0.17.4. Since 0.14.9: Phase-E named groups (MLS state-commit chain), Phase C.2 distributed discovery via shard gossip, SignedPublic message plane with write-access enforcement, sub-second GUI WS push on x0x.groups.public, data-dir-scoped agent.cert (fixes multi-daemon-per-host identity trampling), ant-quic 0.26.13 + saorsa-gossip 0.5.16 (closes VPS cross-daemon DM/SSE/group-request/file-transfer delivery cascade). Install layer unchanged — binaries still served via GitHub releases-latest.
v0.14.9
Republish skill from minimal bundle
v0.14.8
- Bumped version to 0.14.8.
- Updated documentation to reflect new version.
- Minor adjustments in CLI and signature handling code.
v0.14.7
No file changes detected since the previous version.
- Version bumped from 0.14.0 to 0.14.7, but no file content was modified.
- No features, fixes, or documentation updates added in this release.
v0.14.5
x0x 0.14.5
Major update with expanded documentation, install scripts, and new features.
- Added 70+ new files, including detailed architecture, primers, security, and ecosystem documentation.
- Overhauled installation: multi-platform binary downloads and install scripts are now supported directly via SKILL.md and command line.
- Comprehensive CLI and REST API usage guides added, with step-by-step examples.
- Restructured project documentation and codebase for easier onboarding and clearer developer experience.
- Improved support for MLS group encryption, direct messaging, and automated key generation.
- Removed legacy bootstrap binary; new modular binaries for daemon and CLI are now standard.
v0.14.0
**Major security and networking enhancements for AI agent communication**
- Introduces a decentralized, serverless networking layer with gossip broadcast, direct messaging, CRDT sync, and group encryption.
- Implements post-quantum encryption (ML-DSA-65, ML-KEM-768, ChaCha20-Poly1305) compatible with NIST FIPS standards.
- Enables secure NAT traversal using QUIC with no need for STUN/ICE/TURN servers.
- Supports three-layer identity management (machine, agent, and optional human IDs) for privacy and portability.
- Establishes agent discovery and communication using fully encrypted, authenticated QUIC connections; bootstrap nodes used only for peer discovery.
Metadata
Frequently Asked Questions
What is x0x?
Secure computer-to-computer networking for AI agents — gossip broadcast, direct messaging, CRDTs, group encryption. Post-quantum encrypted, NAT-traversing. E... It is an AI Agent Skill for Claude Code / OpenClaw, with 281 downloads so far.
How do I install x0x?
Run "/install x0x" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is x0x free?
Yes, x0x is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does x0x support?
x0x is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created x0x?
It is built and maintained by Jim Collinson (@jimcollinson); the current version is v0.19.11.
More Skills