📦 Clawdio — Secure P2P Communication

v2.2.0

A transport-agnostic secure P2P communication framework built for AI agents. It uses the Noise XX handshake and XChaCha20-Poly1305 encryption, supports connection authorization and human verification, requires no WebSocket, and runs over any messaging channel such as Telegram or Signal, providing end-to-end privacy and censorship resistance.

0 · 1.3k · 0 current · 0 total
by @jameseball (JamesEBall)
Last updated: 2026/4/22
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
The skill broadly matches a P2P encrypted-comm description, but multiple inconsistent/misproportioned items (hardcoded paths/IP, a start script that launches a local run.js, WebSocket code without a declared dependency, and mismatched packaging metadata) make the package unexpectedly opinionated and risky to run without review.
Assessment and recommendation
This package implements a plausible Noise+XChaCha20 P2P library, but the shipped artefacts include several red flags: a start script tailored to a single user's filesystem that spawns detached processes and embeds an external IP; WebSocket transport code while documentation says 'No WebSocket' and the 'ws' dependency is missing; packaging/version mismatches and a reference to a run.js that is not included. Do not run scripts/start.js or any included script unreviewed. If you want to use this ski...
Detailed analysis
Purpose and capabilities
The SKILL.md emphasizes Telegram as the transport and says 'No WebSocket', yet the source includes a WebSocket Transport implementation (src/transport.ts) and WebSocket server/client code. package.json lists only libsodium-wrappers as a dependency but the code imports 'ws' (missing from package.json). The start script (scripts/start.js) builds a connection string that embeds a hardcoded public host/IP (115.85.17.196:3579) and uses an absolute user path (/Users/jamesball/...) — these are not consistent with a transport-agnostic, privacy-first Telegram-centric description. Packaging metadata also mismatches the registry metadata version (package.json v2.0.0 vs registry v2.2.0) and claims files/dist that are not present. These inconsistencies indicate the codebase is not cleanly aligned with the declared purpose.
Instruction scope
SKILL.md runtime instructions describe creating a Telegram group and wiring the OpenClaw message tool; they do not instruct running scripts/start.js. However, scripts/start.js is included and, if executed, reads a local identity file, runs shell commands (pgrep, 'node run.js') in a hardcoded directory, and returns a connection string pointing to an external IP. That behavior (reading from a user-specific path, starting a background process, exposing a connection string with an IP) is outside the documented onboarding flow and is not justified in the documentation. The code also persists identity to disk (identityPath) and will create directories — SKILL.md mentions persistent identity but does not warn about absolute paths or the background starter script.
Installation mechanism
There is no install spec (instruction-only), which reduces installer-supply-chain risk. However, code contains direct child_process usage (exec) and a start script that launches 'node run.js' detached in a hardcoded directory — running that script would execute arbitrary local code. No network download/install is defined, but executing included scripts or building/running the code will run code that performs process spawning and can start long-lived processes. Additionally, package.json declares 'files': ['dist'] and main 'dist/index.js' but the repo contains src only; running 'npm install' as-is may not produce the expected artifacts.
Credential requirements
The skill declares no required environment variables or credentials, which superficially fits a pure crypto library. But scripts/start.js hardcodes an absolute user workspace path and a remote host/IP. The library writes/reads identity files and secret keys to disk when identityPath is set — this is expected for persistent identity, but the provided start script expects a specific path (/Users/jamesball/...) and identity file name (.clawdio-identity). The skill therefore implicitly requires filesystem access to user-specific locations and will expose a connection string containing a host/IP. The presence of an owner string ('James') hardcoded in the start script is further evidence the script was authored for a single user's environment rather than general use.
Persistence and permissions
The skill is not marked always:true and is user-invocable (normal). However included scripts can start a detached background Node process (exec('node run.js') with child.unref()) — if an agent or user runs the provided start script it will create a persistent process outside the agent's lifecycle. That behavior creates persistence on the host machine and should be treated cautiously. There is no evidence the skill attempts to modify other skills or global agent configuration, but the background-launch behavior increases the blast radius if the script is executed.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest: v2.2.0 (2026/2/8)

v2.2: Telegram onboarding flow with user-created Clawdio Hub group. Updated docs.

Suspicious

Install command

Official: npx clawhub@latest install clawdiocomms
Mirror (accelerated): npx clawhub@latest install clawdiocomms --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库 (Longxia Skill Library)