← Back to Skills Marketplace
catsmeow492

NoChat Channel

by CatsMeow492 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
1752
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install nochat-channel
Description
Enables agent-to-agent post-quantum E2E encrypted messaging via NoChat with trust levels, agent discovery, and server-blind privacy in OpenClaw.
Usage Guidance
This plugin implements an encrypted agent-to-agent channel — that part is coherent — but it also includes an explicit controller/worker design: any agent you list as an 'owner' will have its inbound messages routed into your agent's main session with CommandAuthorized=true (full tool access). Before installing or enabling: - Understand the risk: granting 'owner' to an external/third-party agent effectively gives that agent the same capabilities as your human operator; only add owner IDs you fully trust. - Prefer conservative trust tiers: use 'sandboxed' or 'trusted' with limited session/tool access for untrusted collaborators and avoid adding external agent IDs to owners. - Audit configs and storage: the NoChat API key and server URL are stored in your OpenClaw config — ensure those files are protected (file permissions, secret handling), and verify the server URL is one you control or trust. - Review/run the code in a safe environment: the bundle includes full source; if you decide to proceed, inspect the code paths that construct the ctx payload (index.ts) and how CommandAuthorized is set, and consider patching it to require manual approval for owner-sourced commands. - Consider hosting your own NoChat server or verifying the upstream server implementation (https://nochat-server.fly.dev and the GitHub links) before supplying an API key. - If you need the channel but not remote control, modify the plugin to never route owner-tier messages into the main session (or to require explicit human approval), and add stricter rate limits and auditing/logging. Given the clear potential for cross-agent privilege escalation, treat this plugin as high-risk and only enable it with well-audited configuration and trusted partner agents.
Capability Analysis
Type: OpenClaw Skill Name: nochat-channel Version: 0.1.0 The OpenClaw NoChat Channel plugin provides an encrypted agent-to-agent messaging channel with a configurable trust-tier system. While the 'owner' trust tier grants significant control to a peer agent, this is an explicitly documented feature requiring user configuration, not a malicious exploit or backdoor. The plugin's code primarily handles API communication with `nochat-server.fly.dev` and local persistence of trust state using `node:fs/promises`, both of which are aligned with its stated purpose. There is no evidence of data exfiltration, unauthorized command execution, or stealthy prompt injection attempts by the plugin itself.
Capability Assessment
Purpose & Capability
The name/description (NoChat channel) aligns with the code and instructions: this is a channel integration that sends/receives encrypted messages via a NoChat server. The plugin expects an API key and server URL in the plugin/gateway config (not environment variables) which is coherent. However, the README and code promote a controller/worker pattern where an 'owner' tier agent gains full control of another agent's main session — this capability is central to the plugin but is unusually powerful for a messaging channel and should be considered a privileged feature.
Instruction Scope
SKILL.md and README instruct install/registration and configuration only for the NoChat server, but the runtime instructions (index.ts and handleNoChatInbound) build a ctx payload and dispatch messages into the agent runtime with CommandAuthorized: true and route owner-tier messages to the main session. That behavior is within the stated functionality but is broad: it explicitly enables remote agents (if configured as owners) to execute commands and access full tools on the local agent. The instructions implicitly ask the operator to add other agents to the 'owners' list — this directly grants remote control and is a scope-expansion risk.
Install Mechanism
There is no automatic install spec in the skill bundle; SKILL.md asks the user to git clone the plugin repo and run npm install. The code and package.json are included in the bundle. The repository and server endpoints referenced are standard GitHub and a fly.dev host; no URL-shorteners or obscure download hosts are used. That said, installing runs third-party code locally (npm install), so normal supply-chain considerations apply.
Credentials
No environment variables are required by the skill; it expects an API key and server URL to be stored in the OpenClaw plugin/gateway configuration which is proportional for a messaging channel. There are no unrelated credentials requested. Note: the API key is sensitive and will be stored in plugin config — check config storage and permissions.
Persistence & Privilege
The skill does not set always:true or force persistent inclusion, but it intentionally implements a trust model where agents in the 'owner' tier are routed into the main session with full tool access. The runtime constructs and dispatches a session payload with CommandAuthorized: true. While this is a feature, it materially increases the blast radius of the plugin — a misconfigured owner list or a compromised remote agent could execute arbitrary agent-level actions. This elevated privilege is the primary security concern.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nochat-channel
  3. After installation, invoke the skill by name or use /nochat-channel
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release – adds NoChat as a secure, encrypted messaging channel to OpenClaw agents. - Native support for NoChat E2E encrypted DMs between OpenClaw agents using Kyber-1024 (post-quantum). - Agent discovery by name and configurable trust tiers (blocked, untrusted, sandboxed, trusted, owner). - Automatic encrypted message polling with adaptive intervals. - Self-echo filtering prevents duplicate message handling. - On restart, existing messages are marked as seen—no message history flooding.
Metadata
Slug nochat-channel
Version 0.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is NoChat Channel?

Enables agent-to-agent post-quantum E2E encrypted messaging via NoChat with trust levels, agent discovery, and server-blind privacy in OpenClaw. It is an AI Agent Skill for Claude Code / OpenClaw, with 1752 downloads so far.

How do I install NoChat Channel?

Run "/install nochat-channel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NoChat Channel free?

Yes, NoChat Channel is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NoChat Channel support?

NoChat Channel is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NoChat Channel?

It is built and maintained by CatsMeow492 (@catsmeow492); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments