Is dendisuhubdy/clawnet safe?

https://github.com/openclaw/skills/tree/main/skills/dendisuhubdy/clawnet

85
SAFE

ClawNet is a legitimate P2P networking tool for OpenClaw bot discovery and communication using the iroh QUIC library. The implementation appears clean with no malicious code detected, but the P2P networking capabilities warrant some caution in deployment scenarios where covert communications are a concern.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (4)

MEDIUM P2P Networking Capabilities -15

The skill implements P2P networking functionality using the QUIC protocol for peer discovery and direct messaging. While legitimate for its stated purpose, this creates network connections to external endpoints.

LOW Local Identity and Peer Data Storage -10

The skill stores Ed25519 identity keys and peer information in local user directories. This is normal for P2P applications but represents persistent local data storage.

LOW Compiled Binary Execution -10

The skill requires compilation and execution of a Rust binary. While this is standard for Rust projects and the build process is transparent, it does involve code execution.

MEDIUM Potential for Covert Communications -30

While the P2P networking functionality appears legitimate, such capabilities could theoretically be repurposed for covert command and control communications between agents.