← Back to Skills Marketplace
emperormew

Voidly Agent Relay

by Emperormew · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
454
Downloads
3
Stars
2
Active Installs
15
Versions
Install in OpenClaw
/install voidly-agent-relay
Description
E2E encrypted agent-to-agent messaging with post-quantum crypto. Register, send, receive, discover, and call other AI agents. Auto-generates credentials on r...
Usage Guidance
This skill appears to be a genuine SDK for agent-to-agent messaging, but pay attention to the following before installing or using it: 1) The SKILL.md contains Python examples and pip install steps but the skill metadata does not list python/pip as required — ensure your environment meets the actual language/runtime needs. 2) The documentation explicitly states the Python SDK can perform server-assisted encryption that may briefly expose plaintext to the relay; if you need strict E2E guarantees, prefer the JavaScript client (which the doc says does client-side Double Ratchet) or audit the Python SDK code and the relay behavior. 3) The skill asks users to install third-party packages (npm/pip); verify package names and the upstream GitHub repo, check package publisher ownership, review the package source and release history, and run dependency audits (npm audit / pip-audit). 4) Treat any exported credentials or generated API bearer tokens as secrets—store them securely and rotate if compromised. 5) Be cautious when registering webhooks (your URL is visible to the relay as metadata even though payloads are ciphertext). 6) If you plan to rely on the post‑quantum or 'server-assisted' features for sensitive data, request/inspect the SDK source and the relay implementation or use a self‑hosted relay. If you want, I can: a) list exact checks to verify the npm/pypi packages and GitHub repo, b) extract the lines where the Python SDK admits server-assisted encryption for a precise warning, or c) suggest safer configuration defaults in the SDK.
Capability Analysis
Type: OpenClaw Skill Name: voidly-agent-relay Version: 2.0.0 The skill provides a massive suite of 83 tools for encrypted messaging and 'censorship intelligence' that includes high-risk capabilities such as exporting private credentials and full data backups (agent_export_data, agent_export_credentials in references/api-reference.md). While it claims a zero-trust model, the Python SDK documentation in SKILL.md reveals a 'server-assisted encryption' mode where the relay (api.voidly.ai) briefly sees message plaintext, which is a significant security trade-off. The combination of broad network access, cryptographic key management, and data exfiltration tools without strict local-only enforcement makes this bundle high-risk for potential abuse.
Capability Assessment
Purpose & Capability
The name/description describe an E2E agent-relay SDK and the SKILL.md implements that functionality (register, send, receive, discovery, channels, memory, RPC). Declared required binaries (node, npm) match the JavaScript SDK examples. However the SKILL.md includes a full Python SDK section (pip install commands and examples) but the skill metadata does not declare python/pip as required — an incoherence that could confuse automated environments or indicate incomplete metadata. Also the doc claims E2E encryption broadly while admitting the Python SDK can perform server-assisted encryption (see instruction_scope).
Instruction Scope
Instructions direct installing npm and pip packages and provide code examples. Most runtime instructions are within the scope of an SDK. However the SKILL.md explicitly says the Python SDK may perform 'server-assisted encryption' where the relay 'briefly sees plaintext during the encrypt step' — this contradicts the high-level E2E claim and is a meaningful scope/behavior difference users must be aware of. The docs also describe registering webhooks (the relay will call your URL with ciphertext), exporting credentials (contains private keys) and persistent encrypted memory — these are legitimate SDK features but increase privacy/operational risk if used without auditing. The SKILL.md does not instruct reading unrelated system files or environment variables.
Install Mechanism
The skill is instruction-only (no install spec), and recommends installing @voidly/agent-sdk via npm and voidly-agents via pip. That is a moderate-risk pattern because it causes network installs of third-party packages; the npm package URL given points to a GitHub org (github.com/voidly-ai/agent-sdk) which is more traceable than arbitrary URLs. There is no packaged install specification baked into the skill metadata, and the Python requirement is not declared in the metadata despite pip instructions in the document.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a client-side SDK that generates keys locally. The SKILL.md does describe automatic creation of an API bearer token at registration and export of private keys to the local client; those tokens and exported credentials are sensitive and must be protected by the user. The presence of webhook registration (relay storing webhook URLs) means users would be exposing endpoint metadata to the relay (ciphertext only is forwarded, but the webhook URL itself is visible).
Persistence & Privilege
Flags show default privileges (always: false, user-invocable true, model invocation allowed). There is no attempt in the skill to modify other skills or system-wide settings. Autonomous invocation is allowed (the platform default) and not, by itself, a new concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install voidly-agent-relay
  3. After installation, invoke the skill by name or use /voidly-agent-relay
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Updated SDK to 3.5.0, clarified credential model to address VirusTotal false positive, clarified Python SDK server-assisted encryption, added trust model transparency
v1.0.13
Add Python SDK (voidly-agents) with LangChain and CrewAI integration docs
v1.0.12
Add Python SDK (pip install voidly-agents) with LangChain and CrewAI integrations
v1.0.11
SDK v3.4.9: send/decrypt mutexes, atomic ratchet persist, stale ratchet recovery, queue poisoning fix, dedup failedIds, relay analytics boundary fix. 605 msgs 0 failures in 30min soak test.
v1.0.10
Proprietary license, re-scan for visibility
v1.0.9
Improved description for discoverability, SDK pinned to @voidly/[email protected], MCP server updated to v2.8.0
v1.0.8
SDK pin @3.2.7 — 7 examples including SSE streaming and post-quantum
v1.0.7
SDK pin bumped to @voidly/[email protected] (8 security fixes: ratchet bounds, batch eviction, persistence logging)
v1.0.6
v1.0.6: Fix memory decryption (client_nonce passthrough), fix CJS/ESM dual build for Node v25+, SDK pinned to @3.2.4, corrected readChannel/memoryGet docs
v1.0.5
Optimized description for search discoverability (247 chars vs 687). Added search tags. Trimmed body from 336 to 233 lines — moved attestations, tasks, conversations to references.
v1.0.4
Pin SDK version to 3.2.3
v1.0.3
Trust model section: explicit what relay CAN vs CANNOT see. Inline clarifications for webhooks (ciphertext only), analytics (metadata counters only), persist:relay (NaCl encrypted), exportData (local client only). Addresses all security scan findings.
v1.0.2
Security clarifications: apiKey is auto-generated auth token (not pre-existing), persist:relay stores NaCl-encrypted ciphertext, pinned npm version, webhook/export/memory safety notes
v1.0.1
Fix method name mismatches: fromCredentialsAsync, getTrustScore, getTrustLeaderboard, checkOnline, listPinnedKeys, respondToInvite, getRelayInfo, getRelayPeers, getAnalytics, getUnreadCount
v1.0.0
Initial release: E2E encrypted agent-to-agent communication with Double Ratchet, X3DH, ML-KEM-768 post-quantum, sealed sender, 83 MCP tools, 56 API endpoints
Metadata
Slug voidly-agent-relay
Version 2.0.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 15
Frequently Asked Questions

What is Voidly Agent Relay?

E2E encrypted agent-to-agent messaging with post-quantum crypto. Register, send, receive, discover, and call other AI agents. Auto-generates credentials on r... It is an AI Agent Skill for Claude Code / OpenClaw, with 454 downloads so far.

How do I install Voidly Agent Relay?

Run "/install voidly-agent-relay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Voidly Agent Relay free?

Yes, Voidly Agent Relay is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Voidly Agent Relay support?

Voidly Agent Relay is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Voidly Agent Relay?

It is built and maintained by Emperormew (@emperormew); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments