← 返回 Skills 市场
wkyleg

Bitchat

作者 wkyleg · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
263
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install bitchat
功能描述
Bitchat integration skill for OpenClaw
使用说明 (SKILL.md)

Bitchat

This skill enables decentralized messaging using the Bitchat protocol within OpenClaw.

Features

  • Send and receive messages over mesh or peer-to-peer Bitchat networks.
  • Node-based integration for scriptable console usage.
  • CLI commands to configure network peers, encryption, and channels.
  • Relies on bitchat-node (npm) for the underlying BLE or other mesh transport.

Security & Dependencies

  • Bitchat uses local BLE or LAN for discovery and connectivity.
  • The skill does not automatically connect to arbitrary external URLs.
  • All network connections are user-initiated and require local config.
  • We have pruned unneeded dependencies. Only bitchat-node is included.

Usage

  1. Install the skill from ClawHub: clawhub install bitchat
  2. Add or configure your Bitchat node/peers.
  3. Use OpenClaw commands to dispatch or read messages.
# example
openclaw bitchat start
openclaw bitchat send --to=peerID --message="Hello"

Implementation Details

  • TypeScript-based, compiles to dist/.
  • Exposes integration points so OpenClaw can manage channels.
  • Minimizes third-party dependencies to reduce security surface area.

Future Plans

  • Enhanced encryption and key management.
  • Multi-network bridging beyond BLE.

Release Notes

  • 0.1.2: Points to [email protected], further pruned dist dependencies, updated skill doc.
安全使用建议
What to check before installing: - Verify the package you install is from a trusted source (the repo/homepage is missing here). The included package-lock contains many large, unrelated packages — ask the author why those are present or audit the lockfile. - Ensure your OpenClaw gateway is not exposed to untrusted networks. The plugin registers /bitchat-webhook which will accept POSTs and inject them into agent sessions; if your gateway is reachable, an attacker could post messages to the agent. - Keep bridgeUrl set to localhost (default) unless you understand and trust the remote bridge host. A remote bridge could receive or send agent messages, creating an exfiltration path. - Prefer dmPolicy='allowlist' and populate allowFrom with specific peer IDs if you expect sensitive messages. - Audit or run the dependent bitchat-node daemon from its upstream GitHub (https://github.com/wkyleg/bitchat-node) before running; ensure it behaves as expected and does not open remote connections or accept remote webhook registration from untrusted hosts. - Confirm build artifacts (dist/) are present or that the package you install includes compiled JS; otherwise the plugin may fail to load or attempt to build during install. If you cannot validate the lockfile, upstream daemon, and network exposure, treat this plugin as higher risk and test it in an isolated environment first.
功能分析
Type: OpenClaw Skill Name: bitchat Version: 0.1.2 The bitchat skill is a legitimate integration for the Bitchat decentralized messaging protocol, allowing OpenClaw agents to communicate over a Bluetooth Low Energy (BLE) mesh network. The code implements a bridge to a local daemon (bitchat-node) using standard HTTP and WebSocket patterns. It includes proactive security features such as a configurable 'dmPolicy' and 'allowlist' to restrict which peer IDs can interact with the agent. No evidence of data exfiltration, malicious execution, or prompt injection was found; the logic is transparent and strictly aligned with the stated purpose of peer-to-peer messaging.
能力评估
Purpose & Capability
The plugin implements a local HTTP bridge client and webhook handler that matches the advertised Bitchat integration. However the included package-lock lists many unrelated/large packages (AWS SDK, Anthropic SDK, etc.) and a local '../bitchat-node' package entry; this is disproportionate to a small BLE-bridge plugin and expands supply-chain surface area. Also package.json points to compiled dist/ but the bundle only contains src/ (no dist/), which is a packaging/coherence mismatch.
Instruction Scope
SKILL.md and code indicate the plugin will connect to a configurable bridgeUrl (default localhost) and register an HTTP webhook path. Although SKILL.md claims 'local-only' and 'user-initiated' connections, the plugin will connect to whatever bridgeUrl appears in OpenClaw config — including a remote URL if misconfigured — and it exposes an unprotected webhook endpoint that will accept POSTed messages (auth is limited to peerID checks). If the OpenClaw gateway is network-exposed or the bridgeUrl is set to an external host, incoming messages could be used to inject content into agent sessions.
Install Mechanism
There is no separate install spec in the registry (instruction-only), which is low-risk in itself. But the repository includes a package-lock.json showing many dependencies beyond 'bitchat-node'. That lockfile increases the package surface and should be reviewed; the lockfile entries suggest the published package might carry unexpected transitive dependencies.
Credentials
The skill requests no environment variables or credentials (proportional). Still, because it can be pointed at an arbitrary HTTP bridge URL, a remote bridge could be used to receive forwarded messages or exfiltrate agent content if a user configures a remote bridge; ensure bridgeUrl is only set to trusted/local endpoints.
Persistence & Privilege
The skill does not request always:true and does not require elevated system privileges. It registers a service and an HTTP handler (normal for a channel plugin). Autonomous invocation is enabled (platform default) but not combined with other explicit persistence or cross-skill configuration changes.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bitchat
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bitchat 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Points to [email protected], further pruned dependencies.
v0.1.1
Release 0.1.1 with reduced dependencies.
v0.1.0
Beta release.
元数据
Slug bitchat
版本 0.1.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Bitchat 是什么?

Bitchat integration skill for OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 263 次。

如何安装 Bitchat?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bitchat」即可一键安装,无需额外配置。

Bitchat 是免费的吗?

是的,Bitchat 完全免费(开源免费),可自由下载、安装和使用。

Bitchat 支持哪些平台?

Bitchat 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Bitchat?

由 wkyleg(@wkyleg)开发并维护,当前版本 v0.1.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论