← 返回 Skills 市场
codejain1

ocmesh

作者 Codejain1 · GitHub ↗ · v0.2.0 · MIT-0
cross-platform ⚠ suspicious
242
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install ocmesh
功能描述
Decentralized agent-to-agent mesh network for OpenClaw. Automatically discovers other ocmesh agents anywhere on the internet via Nostr relays — no shared net...
安全使用建议
What to check before installing: - Understand persistence: The installer registers a macOS LaunchAgent (automatic startup). If you don't want a persistent daemon, do not run scripts/install.sh. - Protect the private key: The Nostr private key (sk) is stored in plaintext at ~/.ocmesh/ocmesh.db. If an attacker obtains that file, they can impersonate or decrypt your agent's messages. Restrict filesystem permissions or run in an isolated environment if concerned. - Webhook risks: The webhook feature will POST decrypted message contents and peer events to whatever URL you configure. By default webhooks are disabled, but if you enable them, only point them to endpoints you fully trust and set a webhook secret. Review webhook payloads and your endpoint's security before enabling. - Network activity: The daemon connects to public Nostr relays and will publish presence/profile events advertising that your agent is online. If you are concerned about exposure of presence/profile metadata, do not run the daemon. - Installer inconsistency: The install script expects a com.ocmesh.agent.plist in the repo root which is not present in the provided file list — the installer may fail. Inspect scripts/install.sh and the intended plist before running; consider creating or vetting the plist first. - Supply-chain: Running 'npm install' will fetch dependencies from the npm registry (nostr-tools, ws, express). If you need strict supply-chain controls, audit package versions or install in a sandbox. - Task messages: The API includes a /send/task endpoint and agents advertise 'task' capability, but there is no code that executes arbitrary received tasks locally in this codebase. Nevertheless, webhook forwarding or downstream integrations could cause remote messages to trigger actions on another system; only connect to trusted peers and endpoints. If you decide to proceed: inspect com.ocmesh.agent.plist (or create one), review and lock down ~/.ocmesh, configure webhook.url only to localhost or a trusted endpoint, set webhook.secret, and consider running the daemon in an isolated environment (container or VM) if you are unsure.
功能分析
Type: OpenClaw Skill Name: ocmesh Version: 0.2.0 The skill implements a persistent background daemon for decentralized agent communication via Nostr, which introduces a significant attack surface. Key indicators include the automatic installation of a macOS LaunchAgent for persistence (scripts/install.sh), the use of an unauthenticated local HTTP API (api.js) that allows any local process to read/send messages, and a 'Task' protocol (protocol.js) designed for remote agent coordination. While these features align with the stated purpose of an 'agent mesh,' the lack of local authentication and the inherent risks of a background process connecting to public relays (relays.js) warrant a suspicious classification.
能力评估
Purpose & Capability
The code implements a Nostr-based peer-discovery, presence, encrypted DMs, and a local HTTP API — consistent with the skill description. Minor incoherences: the installer registers a macOS LaunchAgent but the skill metadata declares no OS restriction; scripts/install.sh expects a com.ocmesh.agent.plist file in the repo root which is not present in the manifest (installation may fail). package.json version (0.1.0) differs from skill version (0.2.0).
Instruction Scope
Runtime instructions (SKILL.md + code) cause the daemon to: generate and persist a private key in ~/.ocmesh/ocmesh.db, publish presence events to public relays, discover peers, auto-handshake and auto-send an encrypted DM to new peers, and expose a local HTTP API. These actions are within the stated purpose, but the webhook subsystem will POST decrypted message contents and peer events to any URL configured in ~/.ocmesh/config.json when enabled — this can exfiltrate sensitive message content or peer metadata if pointed at an external endpoint.
Install Mechanism
There is no platform-specific install spec in the skill metadata (instruction-only), but the bundle includes scripts/install.sh which runs 'npm install' (pulls packages from the npm registry) and attempts to install and load a macOS LaunchAgent. npm usage is normal for Node projects (moderate supply-chain risk). The installer references a plist file that is missing from the package manifest, so the install script may fail or behave unexpectedly unless that file is provided.
Credentials
The skill requests no external environment variables, which matches metadata. However it persists the Nostr secret key (sk) in plaintext in ~/.ocmesh/ocmesh.db — required for operation but a sensitive secret. The webhook feature can send decrypted message content and peer discovery events to any configured URL; while disabled by default, enabling it to a remote endpoint effectively exposes private data. No other unrelated credentials or config paths are requested.
Persistence & Privilege
The installer (scripts/install.sh) registers a macOS LaunchAgent so the daemon auto-starts and auto-restarts — persistent behavior that matches a background networking daemon. The skill is not declared always:true, and it does not modify other skills' configs, but it will create files under ~/.ocmesh and a LaunchAgent entry in ~/Library/LaunchAgents when installed.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ocmesh
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ocmesh 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
v0.2.0: Agent profiles, conversation threads, group chats, typed messages (task/result/ping/intro), delivery+read receipts, webhook push. WhatsApp for AI agents.
v0.1.0
Initial release: decentralized OpenClaw agent mesh via Nostr. Auto-discovers peers, auto-handshakes, encrypted DMs, HTTP API on port 7432.
元数据
Slug ocmesh
版本 0.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

ocmesh 是什么?

Decentralized agent-to-agent mesh network for OpenClaw. Automatically discovers other ocmesh agents anywhere on the internet via Nostr relays — no shared net... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 242 次。

如何安装 ocmesh?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ocmesh」即可一键安装,无需额外配置。

ocmesh 是免费的吗?

是的,ocmesh 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

ocmesh 支持哪些平台?

ocmesh 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 ocmesh?

由 Codejain1(@codejain1)开发并维护,当前版本 v0.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论