← Back to Skills Marketplace

osm-p2p-hybrid

Name: osm-p2p-hybrid
Author: yanara-osm

by yanara-osm · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install osm-p2p-hybrid

Description

OSM-P2P Hybrid - 融合 UDP 直连与 Nostr 网络的 P2P 通讯系统

Usage Guidance

This skill appears to implement a legitimate hybrid UDP+Nostr P2P client, but it does create persistent local state and network exposure you should accept consciously. Before installing, consider: 1) The skill will generate and store a Nostr private key in ~/.osm-p2p/identity.json (base64). Treat that file like a secret — protect it, or change dataDir to an isolated location. 2) The app publishes node announcements (including local IPs and ports) to public Nostr relays and via UDP broadcasts; this can reveal your LAN/VPN addresses and service ports. 3) Audit logs record message payloads (truncated) to disk; if you handle sensitive text, disable or relocate logging. 4) Relays used are hard-coded defaults — you can and should configure trusted relays if you plan to use it. 5) Run in a sandbox or test machine if you want to inspect behavior first (network monitoring, check created files, review identity.json and audit.log). If you want, I can point to the exact lines that write keys/logs and show how to change the dataDir, disable audit logging, or avoid announcing addresses.

Capability Analysis

Type: OpenClaw Skill Name: osm-p2p-hybrid Version: 1.0.0 The skill bundle implements a legitimate P2P communication system combining UDP for local discovery and Nostr for wide-area relaying. Key components include an IdentityManager for cryptographic keys, a TransportManager for routing, and an AuditLogger for message history. While the system stores private keys in plaintext (Base64) within the '~/.osm-p2p/identity.json' file and performs local network broadcasting, these behaviors are consistent with the stated purpose of a P2P chat application and lack any evidence of malicious intent, data exfiltration, or unauthorized execution.

Capability Tags

cryptorequires-walletrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

Name/description (hybrid UDP + Nostr P2P) align with code and dependencies: UDP sockets (dgram), nostr-tools, gossip, discovery, CLI. The included files implement the claimed features (TransportManager / UDPTransport / NostrTransport / IdentityManager / AuditLogger). No unrelated cloud credentials or unrelated binaries are requested.

ℹ Instruction Scope

SKILL.md is an instruction-only install/run guide (npm install, build, run CLI). It does not call for extra environment variables or external download URLs. However the runtime code will enumerate local network interfaces, open UDP sockets, connect to public Nostr relays, and persist identity + audit files to disk — behavior that the SKILL.md does not explicitly warn about.

✓ Install Mechanism

No download/install spec in the registry; package uses standard npm dependencies (nostr-tools, commander, qrcode, chalk, ora) from public registries. No remote archive downloads or obscure installers are used in the provided files.

⚠ Credentials

Although the skill requests no environment secrets, it generates and persists a Nostr private key (identity.json under ~/.osm-p2p by default) and writes audit logs containing message payloads to disk. It also includes and advertises local IP addresses and ports to peers/relays. These actions are consistent with a P2P messaging app but are high-sensitivity (private key + possibly message content + local network topology), so you should evaluate whether you are comfortable with those exposures.

ℹ Persistence & Privilege

The skill writes persistent files to the user's home (default dataDir ~/.osm-p2p): identity.json (including base64-encoded private key), audit.log, and other state. It does not request always:true or modify other skills. Autonomous invocation is possible by platform default; combined with persisted keys and public relay publication this increases blast radius compared to a purely manual tool.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install osm-p2p-hybrid
After installation, invoke the skill by name or use /osm-p2p-hybrid
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

osm-p2p-hybrid 1.0.0 initial release - Combines UDP direct (local/VPN) and Nostr-based (wide area) P2P communication. - Features intelligent routing to choose the optimal transmission path. - Supports Direct, Broadcast, and Multicast room types. - Implements gossip-style message spreading. - Easy social node addition via QR code, similar to WeChat. - Includes CLI for status checking, node listing, QR code generation, node adding, broadcasting, private messaging, and interactive chat mode.

Metadata

Slug osm-p2p-hybrid

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is osm-p2p-hybrid?

OSM-P2P Hybrid - 融合 UDP 直连与 Nostr 网络的 P2P 通讯系统. It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.

How do I install osm-p2p-hybrid?

Run "/install osm-p2p-hybrid" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is osm-p2p-hybrid free?

Yes, osm-p2p-hybrid is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does osm-p2p-hybrid support?

osm-p2p-hybrid is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created osm-p2p-hybrid?

It is built and maintained by yanara-osm (@yanara-osm); the current version is v1.0.0.

More Skills