功能描述

Bot-to-Bot P2P communication over Tailscale using the LCP/1.1 UDP protocol. Enables AI agents on different machines to exchange signed, reliable messages in...

使用说明 (SKILL.md)

Lobster Comm 🦞 — LCP/1.1

Name: Lobster Comm
Author: jeffchang2024

Peer-to-peer messaging between AI agents on different machines via UDP over Tailscale.

Architecture

Agent A (Machine 1)                 Agent B (Machine 2)
┌──────────────────┐                ┌──────────────────┐
│  lcp_node.py     │  UDP :9528     │  lcp_node.py     │
│  (daemon)        │ ◄────────────► │  (daemon)        │
│                  │  Ed25519 signed │                  │
│  IPC: Unix sock  │  ACK + Retry   │  IPC: TCP :9529  │
└──────────────────┘                └──────────────────┘
     ▲                                    ▲
     │ Local IPC                          │ Local IPC
  lcp_send / lcp_check / lcp_ack      (same commands)

Features

UDP direct: Low-latency messaging over Tailscale (vs file-based transfers)
Ed25519 signing: Every message cryptographically signed and verified
Reliable delivery: Application-layer ACK + exponential backoff retry (5 attempts)
Heartbeat: 30s keep-alive, 120s peer timeout detection
Duplicate detection: Idempotent message receipt via seen-ID tracking
Daemon model: Background service with local IPC for agent interaction
Cross-platform: macOS (Unix socket IPC) + Windows (TCP localhost IPC)

Prerequisites

Python 3.9+
PyNaCl (pip install pynacl)
Tailscale with both machines on the same Tailnet
UDP port 9528 open between peers

Quick Start

1. Configure peer IPs

Edit scripts/lcp_node.py and set:

MY_NAME = "AgentA"        # Your agent name
PEER_NAME = "AgentB"      # Peer agent name
MY_IP = "100.x.x.x"      # Your Tailscale IP
PEER_IP = "100.y.y.y"     # Peer Tailscale IP

2. Start daemon

# macOS
python3 scripts/lcp_node.py

# Windows
python scripts/windows/lcp_node_win.py

3. Send & receive

# Send a message
python3 scripts/lcp_send.py "Hello from Agent A!"
python3 scripts/lcp_send.py --type task "Please process data X"
python3 scripts/lcp_send.py --type result --reply-to \x3Cmsg-id> "Done!"

# Check inbox
python3 scripts/lcp_check.py --pretty

# Archive processed messages
python3 scripts/lcp_ack.py

# Check daemon status
python3 scripts/lcp_status.py

Message Protocol

JSON messages with structure:

{
  "id": "uuid",
  "from": "AgentA",
  "to": "AgentB",
  "timestamp": "ISO-8601",
  "type": "chat|task|result|ping|pong",
  "message": "content",
  "replyTo": "optional-msg-id",
  "security": {
    "algo": "ed25519",
    "pubkey": "\x3Cbase64>",
    "signature": "\x3Cbase64>"
  }
}

Wire Format (UDP)

[Magic 4B: "LCP1"][Seq 4B][Type 1B][JSON payload...]
Type: 0x01=DATA, 0x02=ACK, 0x03=HEARTBEAT

Auto-start (macOS)

Create a LaunchAgent plist pointing to lcp_node.py with RunAtLoad=true and KeepAlive for crash recovery.

Auto-start (Windows)

Use Task Scheduler or nssm to run lcp_node_win.py as a service.

Data Directories

data/inbox/ — incoming messages (pending)
data/inbox_archive/ — processed messages
data/outbox/ — sent message copies
data/seen_ids.json — duplicate detection state

Configuration Reference

Parameter	Default	Description
LCP_PORT	9528	UDP port for peer communication
IPC_SOCKET	/tmp/lcp.sock	Unix socket for local IPC (macOS)
IPC_PORT	9529	TCP port for local IPC (Windows)
MAX_RETRIES	5	ACK retry attempts
HEARTBEAT_INTERVAL_S	30	Seconds between heartbeats
PEER_TIMEOUT_S	120	Seconds before marking peer offline

Extending

For multi-peer support, run multiple daemon instances on different ports or extend lcp_node.py with a peer registry. See references/protocol-spec.md for the full LCP/1.1 specification.

安全使用建议

This skill appears to do what it claims (P2P messaging over UDP/Tailscale) but has local security weaknesses you should consider before installing on any machine you care about: - Local IPC is unauthenticated: the daemon listens on a Unix socket (macOS/Linux) or localhost TCP (Windows) and accepts SEND commands which the daemon will sign and forward. Any local process or user that can connect to that socket can cause the node to sign and send arbitrary messages (effectively acting as the local agent). Run the daemon as a dedicated, low-privilege user and restrict access to the socket (filesystem permissions or localhost firewall rules). - Private key stored unencrypted: the Ed25519 seed is written to keys/identity.pem with no explicit permission hardening. Make sure the key file is only readable by the dedicated user (chmod 600) and, if needed, store keys in a secure store rather than plaintext on disk. - Network exposure: the daemon binds UDP to 0.0.0.0:9528. If host firewall or routing permits, that port could be reached from non-Tailscale networks. Prefer binding to the node's Tailscale interface IP (change binding target) or enforce firewall rules so only the Tailnet can reach the port. - Impersonation nuance: IPC clients can include arbitrary payload fields (including 'from') — the daemon will sign the payload and transmit it. Message recipients relying solely on the 'from' field without mapping it to the sender's public key may be misled. Ensure peers validate the public key-to-identity mapping (TOFU or pre-shared pubkeys) and that you understand the trust model. - File permissions and discovery: message inbox/outbox and seen_ids.json are stored on disk. Review and harden directory permissions and consider placing the skill in an isolated directory or container. Recommended mitigations before use: - Run in an isolated environment (container / VM) for initial testing. - Create a dedicated user account for the daemon and set restrictive file permissions (umask, chmod 600 for key files, restrict data/ and keys/ directories). - Restrict IPC access (filesystem ACLs or bind TCP to 127.0.0.1 and use OS-level firewall rules) and consider adding authentication to the IPC protocol. - Change UDP bind to the specific Tailscale IP instead of 0.0.0.0 or add firewall rules limiting source addresses to the Tailnet. - Review and, if necessary, harden the code: require IPC authentication, encrypt keys at rest, and make auto-start optional until you trust the deployment. If you cannot apply these mitigations, treat the skill as potentially risky for production or multi-user hosts.

功能分析

Type: OpenClaw Skill Name: lobster-comm Version: 1.1.0 The lobster-comm skill bundle implements a legitimate peer-to-peer communication protocol (LCP/1.1) designed for AI agents to exchange messages over a Tailscale network. The implementation includes a background daemon (lcp_node.py) that handles UDP communication, Ed25519 cryptographic signing for message integrity (lcp_crypto.py), and a local IPC interface (Unix sockets on macOS/Linux, TCP on Windows) for agent interaction. The code follows good security practices, such as restricting IPC socket permissions to the owner (0o600) and binding the Windows IPC server to localhost only. There is no evidence of data exfiltration, malicious execution, or prompt injection; the network and file system capabilities are strictly aligned with the stated purpose of inter-agent messaging.

能力评估

✓ Purpose & Capability

The code and SKILL.md align: it implements a UDP-based P2P protocol over Tailscale, uses Ed25519 signing (PyNaCl listed), and provides IPC tools for send/check/ack/status. The declared prerequisites (Python, PyNaCl, Tailscale, UDP port) match the implemented behavior.

⚠ Instruction Scope

Instructions ask the user to edit lcp_node.py to set IPs, start the daemon, and optionally auto-start it. That's expected, but the runtime behavior includes an unauthenticated local IPC (Unix socket or TCP localhost) that accepts SEND/CHECK/ACK/STATUS commands and will sign and transmit arbitrary payloads on behalf of the node. The daemon stores keys and message files on disk and binds UDP to 0.0.0.0:9528 (not restricted to the Tailscale interface), which can expose the service if network/firewall rules are not strict.

✓ Install Mechanism

There is no install script; the skill is instruction + code files. Dependencies are standard (PyNaCl) and users are asked to pip install it. No remote downloads or archive extraction are present in the manifest.

ℹ Credentials

The skill requests no environment variables or external credentials (good). However it generates and stores an Ed25519 seed/private-key file (keys/identity.pem) on first run with no encryption or explicit file-permission hardening. Local files (data/, keys/) and the IPC socket are created with default permissions — these are sensitive artifacts and require proper protection.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and uses standard daemon/autostart suggestions. Autostart is optional and left to the user. No unexpected platform-wide modifications are present in the provided files.

版本历史

v1.1.0

LCP/1.1 UDP P2P protocol: Ed25519 signing, reliable ACK delivery, heartbeat, cross-platform

元数据

Slug lobster-comm

版本 1.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Lobster Comm 是什么？

Bot-to-Bot P2P communication over Tailscale using the LCP/1.1 UDP protocol. Enables AI agents on different machines to exchange signed, reliable messages in... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 102 次。

如何安装 Lobster Comm？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install lobster-comm」即可一键安装，无需额外配置。

Lobster Comm 是免费的吗？

是的，Lobster Comm 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Lobster Comm 支持哪些平台？

Lobster Comm 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Lobster Comm？

由 JeffChang2024（@jeffchang2024）开发并维护，当前版本 v1.1.0。

Lobster Comm