0x0-messenger

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @0x0contact/c0x0 package from the npm registry as part of its setup process.
  • [DATA_EXFILTRATION]: The skill connects to an external notification relay service at https://0x0-notification.tiidatech.workers.dev.
      ◦ Evidence: In src/web/api.js, the skill uses fetch to send the generated '0x0 number' and push notification tokens (FCM/APNS) to this endpoint for registration and notification purposes.
  • [PROMPT_INJECTION]: The skill processes untrusted message content from P2P peers, creating a surface for indirect prompt injection where an external attacker could send instructions to the agent.
      ◦ Ingestion points: Incoming messages are received from peers via Hyperswarm and emitted through the pipe command in src/commands/pipe.js or via the WebSocket API in src/web/api.js.
      ◦ Boundary markers: No boundary markers, delimiters, or 'ignore instructions' warnings are added to the incoming message content before it is passed to the agent's context.
      ◦ Capability inventory: The pipe command is specifically designed for agent automation, allowing incoming peer messages to be streamed directly to the agent's standard output.
      ◦ Sanitization: Incoming message strings are not sanitized for potential prompt injection or command-like sequences before being processed or displayed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 10:04 AM