← Back to Skills Marketplace

Secure P2p Messenger Real

Name: Secure P2p Messenger Real
Author: puppetcat-fire

by 渡鸦大人 · GitHub ↗ · v1.0.14 · MIT-0

cross-platform ⚠ suspicious

434

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install secure-p2p-messenger-real

Description

小龙虾安全点对点加密通讯技能：端到端加密的消息传递、文件传输和身份验证系统。专为小龙虾代理间的安全通信设计。

Usage Guidance

This package appears to be what it says (a local CLI P2P messenger) but you should be cautious before using it for real secrets: 1) The AES-GCM implementation in secure-messenger.sh does not produce or include an authentication tag even though the documented message format lists one — this undermines integrity and likely makes decryption unreliable. 2) Private keys are stored unencrypted at ~/.openclaw/secure-p2p/keyring/private.pem by default; the script does not offer passphrase protection despite recommending it in the docs. 3) install.sh can create a global symlink with sudo if run with --link — avoid that unless you trust the code. 4) The README/SKILL.md version numbers and registry install metadata are inconsistent (minor but indicates sloppy maintenance). Recommended actions: inspect and test the encrypt/decrypt roundtrip locally on non-sensitive data; require the author to fix AES-GCM tag handling (include authTag) and to support passphrase-encrypted private keys or store keys in a secure keystore; prefer running in a confined user environment (VM/container) until fixes are applied; do not trust this for high-value secrets until cryptographic correctness and safe key storage are demonstrated. If you need, ask the maintainer for an audited implementation or a version that preserves GCM auth tags and encrypts private keys.

Capability Analysis

Type: OpenClaw Skill Name: secure-p2p-messenger-real Version: 1.0.14 The skill bundle provides a functional P2P encryption tool using RSA-2048 and AES-256-GCM for secure messaging. The scripts (install.sh and secure-messenger.sh) follow standard practices for local key management and cryptographic operations, with no evidence of data exfiltration, backdoors, or malicious prompt injection. While there is a minor path traversal vulnerability in how contact IDs are handled in file paths, it appears to be an unintentional design flaw rather than a malicious exploit.

Capability Assessment

✓ Purpose & Capability

Name/description request bash/openssl/jq/base64 and the scripts use exactly those tools to implement a local P2P message/file envelope workflow. The required binaries and local config paths are appropriate for a CLI crypto tool.

⚠ Instruction Scope

SKILL.md and scripts limit operations to local key generation, contact management, packaging encrypted blobs and printing them for out-of-band transport — they do not perform network exfiltration. However the docs claim AES-GCM with authentication tag and include authTag in message format, but the implementation does not capture or transmit an authTag, which is a protocol mismatch and may break integrity/verification. The README/SKILL.md recommend password-protecting private keys but the install/init flow writes an unencrypted private.pem to the keyring by default.

ℹ Install Mechanism

There is no remote download: install.sh is included and only creates ~/.openclaw/secure-p2p, writes config/.env and optionally creates a sudo symlink under /usr/local/bin if user passes --link. This is low-risk compared to fetching external binaries. Minor inconsistency: registry metadata said 'no install spec' but SKILL.md contains an install entry referencing ./install.sh.

✓ Credentials

The skill requests no external credentials or unrelated environment variables. The only env var used for debugging (SECURE_P2P_DEBUG) is created by the install script and is harmless. There are no hidden remote endpoints or secret-scoped env vars required.

ℹ Persistence & Privilege

The skill does not request always:true and will not force inclusion. It installs files under the user's home directory and optionally (user-triggered) creates a global symlink using sudo. It does not modify other skills or system-wide config beyond the optional symlink.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install secure-p2p-messenger-real
After installation, invoke the skill by name or use /secure-p2p-messenger-real
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.14

secure-p2p-messenger-real v1.0.14 - 同步和提升所有文件中的版本号至1.0.14 - 规范化并清理版本历史记录 - 修复脚本和文档中的版本号不一致问题 - 为ClawHub推送准备最新版本

v1.0.13

secure-p2p-messenger-real v1.0.13 - Updated all version numbers to 1.0.13 across project files. - Standardized and cleaned up the version history in documentation. - Fixed mismatches between script and metadata version information. - Prepared for ClawHub update push.

v1.0.12

secure-p2p-messenger-real v1.0.12 - 更新所有相关文件的版本号至1.0.12 - 规范和清理版本历史记录 - 修复脚本文件和元数据版本不一致的问题 - 为ClawHub推送做准备

v1.0.11

secure-p2p-messenger-real v1.0.11 - 更新所有文件中的版本号到1.0.11 - 清理和统一版本历史记录内容 - 修复脚本与元数据版本不一致问题 - 准备 ClawHub 推送发布

v1.0.10

secure-p2p-messenger-real v1.0.10 - All version numbers updated to 1.0.10 across project files for consistency. - Changelog/历史记录格式化与规范化，便于版本管理和溯源。 - 修复脚本与元数据版本号不一致的问题。 - 准备ClawHub平台推送和版本发布。

v1.0.9

- 版本号更新至1.0.9，确保所有核心文件元数据同步。 - 规范化SKILL.md和其它文档中的版本历史记录，提升文档一致性。 - 修复脚本与元数据间的版本不一致问题。 - 为ClawHub平台推送做好准备。

v1.0.8

secure-p2p-messenger-real v1.0.8 - 更新所有相关文件中的版本号到1.0.8，保持版本信息一致 - 优化并规范版本历史记录格式 - 修复脚本与元数据不一致问题 - 准备推送至ClawHub

v1.0.7

- 更新所有文件中的版本号到 1.0.7 - 修复脚本与元数据版本不一致的问题 - 清理并规范化版本历史记录 - 为 ClawHub 推送做准备

v1.0.6

secure-p2p-messenger-real v1.0.6 - 更新所有相关文件中的版本号至1.0.6 - 优化和规范化版本历史日志 - 修复脚本与元数据版本号不一致的问题 - 准备ClawHub推送更新

v1.0.5

secure-p2p-messenger-real v1.0.5 - 更新所有文件中的版本号到1.0.5 - 清理和规范化版本历史记录 - 修复脚本与元数据版本不一致问题 - 准备ClawHub推送更新

v1.0.4

secure-p2p-messenger-real v1.0.4 - 统一并更新所有文件的版本号为1.0.4 - 优化并规范化版本历史，提升文档准确性 - 修正脚本与元数据版本号不一致的问题 - 准备推送ClawHub更新

v1.0.3

**secure-p2p-messenger-real v1.0.3** - Aligns SKILL.md documentation with actual implementation—only features available in the released scripts are described. - Updated file structure and feature lists to reflect single-script design in v1.0.3. - Moved planned and not-yet-implemented advanced features to a dedicated section, clearly separated from released capabilities. - Added README.md and install.sh for improved installation guidance and user onboarding. - Resolved previous inconsistencies and improved clarity in author and version information.

v1.0.0

secure-p2p-messenger-real v1.0.0 - 初始版本，发布小龙虾安全点对点加密通讯技能 - 支持端到端加密消息传递和文件传输 - 集成加密身份验证与联系人管理 - 提供自毁消息、群组通信、密钥轮换等高级功能 - 开箱即用bash脚本、可审计的加密协议和详细中文文档

Metadata

Slug secure-p2p-messenger-real

Version 1.0.14

License MIT-0

All-time Installs 2

Active Installs 2

Total Versions 13

Frequently Asked Questions

What is Secure P2p Messenger Real?

小龙虾安全点对点加密通讯技能：端到端加密的消息传递、文件传输和身份验证系统。专为小龙虾代理间的安全通信设计。 It is an AI Agent Skill for Claude Code / OpenClaw, with 434 downloads so far.

How do I install Secure P2p Messenger Real?

Run "/install secure-p2p-messenger-real" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Secure P2p Messenger Real free?

Yes, Secure P2p Messenger Real is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Secure P2p Messenger Real support?

Secure P2p Messenger Real is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Secure P2p Messenger Real?

It is built and maintained by 渡鸦大人 (@puppetcat-fire); the current version is v1.0.14.

More Skills