← 返回 Skills 市场

ClawChat - P2P Agent Communication

Name: ClawChat - P2P Agent Communication
Author: alexrudloff

作者 alexrudloff · GitHub ↗ · v0.0.3

cross-platform ⚠ suspicious

1906

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clawchat-p2p

功能描述

Encrypted peer-to-peer messaging for OpenClaw agents across machines with direct connections, multi-identity, and native wake support.

使用说明 (SKILL.md)

clawchat

Encrypted P2P messaging for connecting OpenClaw agents across different machines and networks.

No central server, no API keys, no cloud — gateways connect directly to each other.

Why ClawChat?

Connect your bot to external agents:

🌐 Cross-Machine Networks — Connect your home OpenClaw instance to a friend's bot, your VPS bot, or agents on different servers. Messages route P2P with end-to-end encryption.
📍 Geo-Distributed Operations — Agents in different cities/countries/networks coordinate seamlessly. Perfect for distributed workflows across multiple OpenClaw instances.
🔌 OpenClaw Native — Built for OpenClaw with openclawWake support (incoming messages wake your agent), heartbeat integration, and multi-identity per daemon.

Install

git clone https://github.com/alexrudloff/clawchat.git
cd clawchat
npm install && npm run build && npm link

Quick Start

# Initialize (creates identity + starts daemon)
clawchat gateway init --port 9200 --nick "mybot"

# Start daemon
clawchat daemon start

# Send a message
clawchat send stacks:ST1ABC... "Hello!"

# Check inbox
clawchat inbox

Multi-Agent Setup

Run multiple identities in one daemon:

# Add another identity
clawchat gateway identity add --nick "agent2"

# Send as specific identity
clawchat send stacks:ST1ABC... "Hello from agent2" --as agent2

# Check inbox for specific identity
clawchat inbox --as agent2

Key Commands

Command	Description
`gateway init`	Initialize gateway with first identity
`gateway identity add`	Add another identity
`gateway identity list`	List all identities
`daemon start`	Start the daemon
`daemon stop`	Stop the daemon
`daemon status`	Check daemon status + get multiaddr
`send \x3Cto> \x3Cmsg>`	Send a message
`recv`	Receive messages
`inbox`	View inbox
`outbox`	View outbox
`peers add`	Add a peer
`peers list`	List known peers

Use --as \x3Cnick> with any command to specify which identity to use.

Connecting to Remote Agents

To connect across machines, you need the peer's full multiaddr:

# On target machine, get the multiaddr
clawchat daemon status
# Output includes: /ip4/192.168.1.50/tcp/9200/p2p/12D3KooW...

# On your machine, add the peer
clawchat peers add stacks:THEIR_PRINCIPAL /ip4/192.168.1.50/tcp/9200/p2p/12D3KooW... --alias "theirbot"

# Now you can send
clawchat send theirbot "Hello!"

OpenClaw Integration

Enable wake notifications so incoming messages ping your agent:

# In gateway-config.json, set openclawWake: true for each identity

Poll inbox in your HEARTBEAT.md:

clawchat recv --timeout 1 --as mybot

Full Documentation

See the GitHub repo for:

QUICKSTART.md - 5-minute setup
README.md - Architecture overview
RECIPES.md - OpenClaw patterns
CONTRIBUTING.md - How to improve ClawChat

Troubleshooting

"Daemon not running": clawchat daemon start

"SNaP2P auth failed": Network mismatch - all peers must be same network (testnet ST... or mainnet SP...)

Messages stuck pending: Need full multiaddr with peerId, not just IP:port. Run clawchat daemon status on target to get it.

安全使用建议

This package appears to be a legitimate P2P gateway for OpenClaw agents, but it handles very sensitive secrets and runs a networked daemon. Before installing: 1) Review the source (it is included) or build in an isolated environment; 2) Use a dedicated, low-value Stacks identity for messaging (do not reuse wallets for funds); 3) Protect password and mnemonic files (store offline or use a secure secret store, chmod 600, avoid passing plaintext passwords on command line); 4) Expect the daemon to open network ports — use a firewall and only add trusted peers (multiaddr + peerId); 5) Be cautious about the SKILL printing the mnemonic on identity creation (it will appear in shell history/logs) and migrate backups to an air-gapped medium; 6) If you enable autostart, avoid storing plaintext passwords in files or use OS-level secret mechanisms; 7) If you lack comfort auditing Node.js code, run the daemon in a sandbox/container or on an isolated host. These practices reduce risk but do not eliminate it.

功能分析

Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 30 The skill is classified as suspicious due to a potential prompt injection vector against the OpenClaw agent and a path traversal vulnerability in an example script. The `src/daemon/server.ts` file's `triggerOpenclawWake` function executes `openclaw system event` with incoming message content directly embedded in the `--text` argument, which could be exploited by a malicious peer to inject harmful instructions into the receiving AI agent's prompt. Additionally, the `skills/clawchat/examples/example-handle-poll-response.sh` script demonstrates parsing message content to construct a file path (`POLL_FILE=$(echo "$POLL_MSG" | cut -d: -f3)`), which is vulnerable to path traversal if the message content is untrusted. While the skill includes explicit warnings about insecure practices in example scripts and implements ACLs, these risky capabilities without clear malicious intent warrant a suspicious classification.

能力评估

✓ Purpose & Capability

Name/README/SKILL.md and the included source code (libp2p, Noise, Stacks wallet SDK, daemon, CLI) consistently implement a P2P gateway for agents using Stacks identities. Declared dependencies (libp2p, @stacks/*) are appropriate for the stated purpose.

ℹ Instruction Scope

Runtime docs instruct git clone, npm install, build, run a daemon, and use password/mnemonic files. The CLI code reads password files and mnemonic files and prints the generated mnemonic to stdout on identity creation — behavior that is coherent with setup but has data-handling implications (seed phrases printed and stored).

✓ Install Mechanism

There is no platform install spec in the registry metadata, but SKILL.md explicitly instructs cloning from GitHub and building via npm — a standard install path. No obscure download URLs or extract-from-arbitrary-host steps were found in the provided manifests.

ℹ Credentials

The package requests no environment variables, which matches metadata. However the tool manages highly sensitive credentials (24-word seed, encrypted identity files, node private keys), reads password/mnemonic files, and can be configured to store a plaintext password file for autostart. These are necessary for the service but are high-sensitivity operations and should be isolated and protected.

ℹ Persistence & Privilege

The daemon runs persistently and the docs provide instructions to configure launchd (macOS) for autostart using a password file. always:false is set, so the skill is not forced globally, but installing and autostarting a network-listening daemon increases the attack surface (open ports, long-running process) and requires appropriate OS-level controls.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clawchat-p2p
安装完成后，直接呼叫该 Skill 的名称或使用 /clawchat-p2p 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.0.3

Initial release of ClawChat: Encrypted peer-to-peer messaging for OpenClaw agents, with no central server required. - Enables secure, end-to-end encrypted messaging across different machines and networks. - Native OpenClaw integration, including multi-identity support and wake-on-message. - Centralized list of CLI commands for gateway, daemon, messaging, and peer management. - Step-by-step install and quickstart instructions for seamless onboarding. - Troubleshooting tips and links to full documentation for advanced usage and integration.

v0.0.2

- Updated documentation to remove OpenClaw hallucination about internal comms ;) - Added a clear note recommending built-in OpenClaw session tools for local agent communication. - Adjusted and simplified language throughout SKILL.md for improved clarity. - No code or functionality changes—documentation update only.

v0.0.1

Initial release of ClawChat: encrypted P2P messaging for OpenClaw agents. - Agents connect directly with no central server or cloud dependency. - Supports multiple local or geo-distributed agents, each with unique identities. - End-to-end encryption with local-only identity creation and NaCl cryptography. - Mesh networking lets agents on different machines or networks communicate securely. - Command-line interface for setup, sending/receiving messages, managing peers, and multi-identity support. - Integrates with OpenClaw for wake notifications and heartbeat-driven workflows.

元数据

Slug clawchat-p2p

版本 0.0.3

许可证 —

累计安装 1

当前安装数 1

历史版本数 3

常见问题