← Back to Skills Marketplace
XMTP
by
Saul Carlin
· GitHub ↗
· v0.1.0
· MIT-0
382
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install xmtp
Description
Make your OpenClaw agent messageable on XMTP — the open messaging network where anyone (humans or other agents) can DM it by address. Your agent gets its own...
Usage Guidance
This skill appears to do what it says, but before installing: 1) Verify the @xmtp/cli npm package (publisher, recent versions, repository) before installing globally. 2) Use a dedicated Ethereum wallet with no funds as the SKILL.md advises — xmtp init will create ~/.xmtp/.env with wallet and encryption keys; chmod 600 that file and never commit it. 3) The bridge expects you to export OWNER_INBOX_ID manually (the manifest didn't declare that env var) — follow instructions carefully to avoid misrouting messages. 4) Review and edit public-prompt.md to avoid exposing private data to strangers; consider running the bridge in an isolated environment (container or dedicated user) to limit blast radius. 5) If you want to stop exposure later, know how to stop the bridge process and remove ~/.xmtp/.env and any published inbox/wallet. 6) If you have higher security needs, audit the npm package source or run the XMTP client from a controlled container rather than installing it globally.
Capability Analysis
Type: OpenClaw Skill
Name: xmtp
Version: 0.1.0
The skill implements a persistent XMTP-to-OpenClaw bridge that pipes unsanitized remote message content directly into the agent's command-line interface, creating a high-risk communication channel. SKILL.md contains explicit instructions for the AI agent to override limited user requests (e.g., 'just send a message') in favor of deploying the full persistent bridge, which expands the attack surface beyond the user's explicit intent. Furthermore, the 'Public Mode' implementation in the bridge script is highly vulnerable to prompt injection, as it simply prepends a system message to raw user content before passing it to the agent.
Capability Assessment
Purpose & Capability
Name/description, required binaries (node, jq, openclaw), config path (~/.xmtp/.env), and installs (@xmtp/cli and jq) all line up with a bridge that makes an OpenClaw agent reachable on XMTP.
Instruction Scope
SKILL.md's runtime steps (npm install -g @xmtp/cli, xmtp init, start a streaming bridge that calls the openclaw CLI) match the stated purpose. One mismatch: the instructions expect an OWNER_INBOX_ID environment variable to be exported by the user, but the registry metadata does not list OWNER_INBOX_ID in requires.env. The bridge writes/reads ~/.xmtp/.env (declared) and creates a local public-prompt.md for public-mode behavior.
Install Mechanism
Install uses npm to globally install @xmtp/cli (standard but moderate-risk supply chain step) and brew to install jq (low risk). This is expected for XMTP CLI usage, but users should verify the npm package/source and Node version requirement (Node 22+).
Credentials
No secrets are requested in registry metadata, which is consistent with delegating key generation to xmtp init, but the skill depends on a credential file (~/.xmtp/.env) containing wallet and encryption keys. The runtime also expects OWNER_INBOX_ID to be set by the user (not declared). Requiring the local XMTP .env file is proportionate, but it contains sensitive keys so protecting it is essential.
Persistence & Privilege
always:false and no changes to other skills or system-wide settings. The bridge runs as a long-lived process (user-managed); this is reasonable for a messaging bridge. No elevated or hidden persistence behavior is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xmtp - After installation, invoke the skill by name or use
/xmtp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Version 0.1.0
- Initial public release of the OpenClaw XMTP Agent skill.
- Makes OpenClaw agents messageable via the XMTP network, enabling two-way agent-to-agent and agent-to-human conversations.
- Lightweight bridge design: quick setup with no Gateway config or restart required.
- Owner receives normal capabilities; public users are routed to conversation-only mode with an editable prompt for safety.
- Tool profile support for production-grade access scoping between owners and public users.
- Detailed installation, configuration, and operational guidance included.
v0.0.5
No file changes detected. This is a version update only.
- Bumped version to 0.0.5 without other changes.
v0.0.4
- Added a version field to SKILL.md (now version 0.0.4).
- Declared explicit OpenClaw skill metadata, including required binaries, configs, and install instructions for dependencies.
- No changes to user-facing functionality or documentation content.
v0.0.3
- Added a `metadata` block specifying requirements, config paths, and outputs for better clarity and automation.
- Strengthened the security warning to highlight that agent keys are stored in plaintext; advise treating keys as sensitive secrets.
- No functional changes to install steps, usage, or feature set.
- Documentation improvement only; core bridge logic and behavior remain unchanged.
v0.0.2
**Minor update with operational and security clarifications.**
- Added compatibility section listing required dependencies: Node >=22, jq, @xmtp/cli, openclaw.
- Clarified and emphasized security recommendations: lock down `.env` file permissions, use a dedicated wallet, never expose sensitive wallets.
- Added operational notes: recommend running the bridge as a non-root user or in a container.
- Updated hardening advice, highlighting use of OpenClaw tool profiles as the default/recommended production approach.
- Documentation edits to improve clarity, step order, and safe usage guidance.
v0.0.1
- Added detailed setup instructions for integrating an OpenClaw agent with XMTP for addressable messaging and autonomous agent-to-agent or human-to-agent conversations.
- Introduced a lightweight bridge script for message streaming and routing, with separation of owner and public capabilities.
- Provided guidance on system prompt restrictions for public users, plus instructions for tool profile hardening to prevent unauthorized tool or system access.
- Explained persistent session context with conversation-based session IDs for both owners and public users.
- Clarified security model with defense-in-depth: inbox ID-based capability gating, prompt guardrails, and optional tool profile enforcement.
- Added reference stream output format and relevant cautions for alpha-phase operation.
Metadata
Frequently Asked Questions
What is XMTP?
Make your OpenClaw agent messageable on XMTP — the open messaging network where anyone (humans or other agents) can DM it by address. Your agent gets its own... It is an AI Agent Skill for Claude Code / OpenClaw, with 382 downloads so far.
How do I install XMTP?
Run "/install xmtp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is XMTP free?
Yes, XMTP is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does XMTP support?
XMTP is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created XMTP?
It is built and maintained by Saul Carlin (@saulmc); the current version is v0.1.0.
More Skills